0

Your Cart

No products in the cart.


The protection of your personal data is important to us!

Please take some time to read this Privacy Policy and learn about how the company under the name “Institute of Ecological Agriculture DEO” and with the trade name “insteco.gr” based at 38 Aristotelous Street, Athens 104 33, and email address info@insteco.gr, operating as the Data Controller, collects, stores, uses, and generally processes your personal data when you visit, register, or use the Company’s website www.insteco.gr (hereinafter the “website”) and its mobile applications (hereinafter the “Apps”), as well as when you transact with its physical store. This Privacy Policy also describes how your personal data is used, shared, and protected, the choices you have regarding your personal data, and how you can contact us. For inquiries about this Privacy Policy, as well as any issue related to the processing of your Data and the exercise of your rights, you can contact the Data Protection Officer (DPO) of the Institute at 38 Aristotelous Street, Athens 104 33, or at the email address info@insteco.gr A few words about the Company’s website

www.insteco.gr is the website of the Institute, which is non-profit and aims to support and promote ecological agriculture in Greece through documentation, research, dissemination, and awareness-raising.

What are personal data?

The term “personal data” refers to information about individuals, such as name, address, email address, contact number, etc., which identifies or can identify you, hereinafter referred to as “Personal Data” or “Data”.

What is the Processing of Personal Data?

Any act or series of acts performed, with or without automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Is it mandatory to provide your Data?

The provision of Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional. The mandatory or optional nature of Data provision is indicated by an asterisk (*) next to the mandatory personal data. If you refuse to provide the data marked as mandatory on the Websites and communication forms, it will be impossible to achieve the main purpose of collecting this specific Data, and, for example, it may become impossible for the Institute to fulfill or provide the services available on its website. The provision of additional Data to the Institute beyond those indicated as mandatory is optional and does not have consequences regarding the main purposes of data collection, but their provision serves to optimize the quality of the services provided.

What Data We Collect

We take care to collect only the absolutely necessary data, which are appropriate and clear for the purpose they are intended. These data include:

Data collected when creating a user account on the website or apps:

  • Mandatory: email address*, login password*
  • Optional: name, surname, gender, date of birth, postal address, phone number.

Information from your transactions with us, either through the store or through our website:

  • For example, we collect notes from our conversations with you, details about any complaints or comments you make, details about appointments you book, how and when you communicate with us.

Interests and purchasing preferences, which help us suggest specific products and services that interest you:

  • For example, which of our services you prefer so that you can receive a personalized offer from us.

We will request and use only the data we have collected to suggest products or services of interest to you and to further improve your shopping experience with us. Of course, it is always your choice whether you share such information with us.

Details of your website visits or other websites you visited before us: Information collected from the use of cookies in your browser. Learn more about how we use cookies here.

Your comments and product reviews.

Your image may be recorded on CCTV when you visit our physical store.

To offer the best website experience, we collect technical information about your internet connection and browser, as well as the country and phone code where your computer is located.

Your social media username, if you interact with us through these channels, to help us respond to your comments, questions, or feedback.

Educational details, such as studies, skills, knowledge of foreign languages, professional experience (only in cases where you apply for a job).

How We Use Your Data

We want to offer you the best possible experience during your transactions. To achieve this, it is necessary to have a complete picture of you by combining the data we have collected. Then, we use your data to offer you deals for products and services that you might be interested in.

Data protection legislation allows us to do the above within the framework of our legitimate interests and the need to understand our customers to provide them with a high level of service.

Of course, if you ever wish to change how we use your data, you will find details in sections 14 & 15 “What are your rights” and “How can you exercise your rights” below.

Remember, if you choose not to share your data with us or to refuse certain communication rights, we may not be able to provide some of the services you have requested. For example, if you asked us to inform you when a service is available again, we cannot serve you if you have withdrawn your general consent to receive updates from us.

Finally, we want to inform you that the processing of your data is carried out either by specifically authorized personnel of the Institute or through information technology and electronic devices by the Institute and, exceptionally, by third parties, who, having contractually committed to confidentiality and the protection of your data, carry out tasks strictly necessary for the purposes related to the use of our Websites, their services, and the sale of products through our Websites. Information about this can be found below in section 9 “Who are the recipients of your data? How are your data communicated?”

Below you will find details on how we use your data and why:

For providing information about the Websites, Apps, and services you request

Product or service orders: The Institute processes your data to fulfill its contractual relationship, to process orders for products and/or services, to provide customer service, to comply with legal obligations, to assert, raise or exercise legal claims. If we do not collect your data when completing the order from our physical store or our website, we will not be able to process your order and comply with our legal obligations. Your data may need to be transferred to third parties for the procurement or delivery of the product or service you have ordered. In addition, we may retain your data for a reasonable period of time to fulfill our contractual obligations, such as product returns, as provided for by relevant legislation.

User Account Creation: The Company processes your data to provide you with account functionalities and facilitate the conclusion of purchases of products and/or services.

Communication: The Institute uses your data to respond to requests/questions you submit, or/and complaints. The information you share with us allows us to manage your requests and respond to you in the best possible way. We may also keep a record of your requests/claims to us so that we can better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations, and our legitimate interests in providing you with the best possible service and being able to improve our services based on your personal experience.

For the operation, improvement, and maintenance of our business activity, products, and services:

Development and improvement of systems and services for the products and services we provide. We do this based on our legitimate business interests. We want to offer you offers and proposals that are more relevant to your interests. To help us shape a better and more comprehensive understanding of you as a customer, we combine your personal data collected throughout our relationship, such as your purchase history both in our physical store and on our website. For this purpose, we also combine the data we collect directly from you with data we receive from third parties to whom you have consented to transfer this data to us. For example, by combining this data, it will help us tailor your experience and decide which inspiration or content to share with you. We also use anonymous data from customer purchase history to identify trends in various areas. To display the most interesting content on our website or in our apps, we will use the data we hold about your favorite products or services. This is done based on your consent to receive app notifications or – for our website – your consent to place cookies on your device. For example, we may display a list of services and products you have recently viewed or offer recommendations based on your purchase history and any other data you have shared with us. To send you research and evaluation requests so that we can improve our services. These messages will not include advertising content and do not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing so as it helps our products or services be more relevant to you. Of course, you are free to refuse to receive these requests from us at any time by updating your preferences in your online account.

For the protection of rights, assets, or security, both ours and third parties’:

Protecting your account from fraud and other illegal activities: This includes using your data to maintain, update, and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address monitoring to detect possible fraudulent entries from unexpected locations. Operating CCTV systems: In order to protect our customers, premises, assets, and partners from crime, we operate CCTV systems in our store that record images for security. We do this based on our legitimate business interests. If we detect any criminal activity or alleged criminal activity through the use of CCTV, fraud monitoring, and monitoring of suspicious transactions, we will process this data for the purposes of prevention or detection of illegal activities. Our goal is to protect our customers, employees, and partners from criminal activities. Processing payments and preventing malicious transactions: We do this based on our legitimate business interests. This also helps protect our customers from fraud.

For compliance with our legal obligations:

To comply with our contractual or legal obligations to exchange data with law enforcement. For example, following a court order to exchange data with judicial services. To send you communications required by law or necessary to inform you about changes to the services we provide. For example, updates regarding these privacy notices, product recall notices, and legally required information regarding your orders. These service messages will not include advertising content and do not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.

For what purpose do we process your data?

We collect your data for the purposes of the products and/or services provided by our Company, particularly for: a) managing the sale of our products/services, e.g., communicating with you regarding product availability and the progress of your order, executing your order, shipping products, managing and scheduling appointments for service provision. b) compliance with obligations imposed by applicable law, e.g., tax legislation, e-commerce directive. c) monitoring, improving, and adapting to your preferences and choices regarding our products and/or services. d) sending administrative, technological, organizational, and/or commercial information about our products and/or services via electronic or traditional means. e) conducting customer satisfaction surveys, promoting our products/services, and sending informational newsletters about our products/services. f) evaluating applications and resumes for employment in our Company.

Who are the recipients of your Data – How are your Data shared?

Access to your Data is limited to absolutely necessary personnel of the Company, who are bound by confidentiality and cooperating businesses or third-party service providers, who process your Data as Data Processors on our behalf and according to our instructions.

Sharing of Data by the Company

The Company shares your Data with: Third-party service providers processing personal data on behalf of the Company, for example (indicatively mentioned) for email distribution, research and analysis, Google, Facebook, as well as managing certain services and elements. When we use third-party service providers, we enter into agreements requiring them to implement appropriate technical and organizational measures to protect your personal data. Other third parties, to the extent required for the following purposes: (i) compliance with a governmental request, court order, or applicable law, (ii) prevention of illegal use of our Websites and Apps or violations of our Terms of Use and policies, (iii) our protection from third-party claims, and (iv) contribution to the prevention or investigation of fraud cases (e.g., counterfeiting).

Sharing by you

When you use certain social media elements on our Websites or Apps, you may create a public profile including information such as username, profile picture, and city. You can also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide for managing sharing on the Company’s social media with the aim of controlling the information you make available through the social media elements of the Institute.

Below is the policy we apply to those with whom we share your Data in accordance with the above:

We only provide the information needed to perform their specific services. They may use your Data only for the precise purposes we define in our contract with them. We work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of the data they hold will be deleted or anonymized.

For more information about sharing your Data with third parties, please contact our Data Protection Officer.

To exercise your rights or for any other reason related to the data processing conducted by the Institute and included in this notice, you can contact them at the email address info@insteco.gr or via the Institute’s postal address. Please indicate “For the Data Protection Officer” on the envelope.

How do we ensure that the Data Processors respect your Data?

Our Data Processors acting on our behalf have agreed and contractually committed to the Institute: to maintain confidentiality, not to send your Data to third parties without the Company’s permission, to take appropriate security measures, to comply with the legal framework for the protection of personal data, particularly Regulation 979/2016/EU (GDPR).

For how long do we retain your Data?

We keep your Personal Data for as long as necessary to fulfill the purposes defined in this Privacy Policy (unless a longer retention period is required by applicable law). Generally, this means that we will retain your personal data for as long as you have an account with or are served by our Company. At the end of this retention period, your data will be completely deleted or anonymized, for example, by aggregating it with other data, so that it can be used in an unrecognizable way for statistical analysis and business planning.

Some examples of customer data retention periods: Newsletter Your consent statement for receiving a newsletter is kept for as long as you receive newsletters from the Company and in any case not more than six months after the cessation of their sending.

Are your Data secure?

We are committed to safeguarding your Personal Data. Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to ensure the security and protection of your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security.

Choosing not to receive Marketing Communications.

You can choose not to receive marketing communications from the Company by adjusting your preferences in your user account (my profile) on our Websites. You can also choose not to receive marketing communications by changing your email and SMS subscriptions by clicking the unsubscribe link or following the instructions included in the message. Alternatively, you can contact us using the contact details in the “Questions and Comments” section below.

In cases where we rely on our legitimate interests.

In cases where we process your personal data based on our legitimate interests, you can ask us to stop for reasons related to your particular situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your Personal Data.

How can you exercise your rights?

To exercise your rights, you can submit a relevant request to the Data Protection Officer at the Company’s postal address (Aristotelous 38, Athens 104 33) or at its email address info@insteco.gr with the subject “Exercise of Rights,” and we will ensure to review and respond to you as soon as possible. Exception: If you wish to correct your Data in your user account, you can log in and make any corrections/changes without the need to submit a Request. If you wish to withdraw your consent for receiving newsletters, you can do so by selecting the “To unsubscribe from the newsletter mailing list, click here” link located at the bottom of each newsletter. If you wish not to receive web push notifications from the Company, you can disable the option from your browser settings.

Identity verification

To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make based on this Privacy Policy. If you have authorized a third party to make a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

When do we respond to your Requests?

We respond to your Requests free of charge without delay, and in any case within (1) one month from the date we receive your request. However, if your Request is complex or there is a large number of Requests from you, we will inform you within the month if we need an extension of (2) two more months within which we will respond to you. If your Requests are manifestly unfounded or excessive, especially due to their repetitive nature, the Company may impose a reasonable fee, taking into account administrative costs for providing the information or performing the requested action, or may refuse to give effect to the Request.

What law applies to the processing of your Data by us?

The applicable law is Greek Law, as shaped according to the General Data Protection Regulation 2016/679/EU, and in general the current national and European legislative and regulatory framework for the protection of personal data. The competent courts for any emerging disputes related to your Data are the Courts of Athens.

Where can you appeal if we violate the applicable law for the protection of your Personal Data?

You have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address Kifisias 1-3, 115 23, Athens, tel. 210. 6475600, email address contact@dpa.com) if you believe that the processing of your Personal Data violates the current national and regulatory framework for the protection of personal data.

How will you be informed about any changes to this Policy?

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will publish the update on our website. We encourage you to regularly read this Policy to understand how your Data is protected. This privacy policy was last modified on May 2, 2019.

Questions and Comments?

We hope that this Privacy Policy has helped you understand how we handle your Personal Data and your rights to control the handling by our Company.

If you have any questions that have not been covered, or comments and concerns you may have regarding our Privacy Policy, please contact our data protection officer who will be happy to assist you: Email at: info@insteco.gr or Letter to the Data Protection Officer at the address Aristotelous 38, Athens 104 33.

×

Product Enquiry