Your privacy is important to The Greek TreatBOX. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

Identity of THE GREEK TREATBOX

Our website address is: https://thegreektreatbox.com. If there are any questions regarding this Privacy Policy you may contact us using the information below.

THE GREEK TREATBOX

Farmaki 3, 41222, Larisa, Greece

Phone: + 30 2410611144

E-mail: info@thegreektreatbox.com

Our customers may submit inquiries regarding personal data protection, privacy and security matters to CEO Makis Sotiroulis, The Greek TreatBOX,

dpo@thegreektreatbox.com

What personal data we collect and why we collect it

You may visit our site anonymously. If you choose to register on our website, four categories of data to and on behalf of you will be processed:

“Account data”

When you register for an account on our site, place an order, subscribe to our newsletter or respond to a survey, basic contact details are collected such as the e-mail address and name of your contact person, company name, address, phone number, VAT number, preferred language and currency, any purchase order number, any e-mail address of invoice receivers and masked credit card or bank account details.

“Configuration data”

We collect your direct input to our hosting service The Greek treatBOX (the “Service”) after login, like the domain name(s) of the website(s) where you implement the Service and configuration of the content, looks and behavior towards website visitors (“End Users”).

“End User Data”

Data generated by End Users browsing your website(s) using the Service. When an End User submits a consent from your website(s), the following data are automatically logged at thegreektreatbox.com:

  • The End User’s IP number in anonymized form.
  • The date and time of the consent.
  • User agent of the End User’s browser.
  • The URL from which the consent was submitted.
  • An anonymous, random and encrypted key value.
  • The End User’s consent state, serving as proof of consent.

The key and consent state are also saved in the End User’s browser in the first party cookie “CookieConsent” so that the website can automatically read and respect the End User’s consent on all subsequent page requests and future End User sessions for up to 12 months. The key is used for proof of consent and an option to verify that the consent state stored in the End User’s browser is unaltered compared to the original consent submitted to the The Greek TreatBOX.

If you activate the Service feature “bulk consent” to enable consent for multiple websites by a single End User submission, the Service will also store a separate random, unique ID with the End User’s consent. If all of the following criteria are met, this key will be stored in an encrypted form in the third party cookie

What do we use your information for?

Any of the information we collect from you may be used for one or more of the following purposes:

  • To personalize your experience (the information will help The Greek TreatBOX better respond to your individual needs);
  • To improve our website (The Greek TreatBOX continually strives to improve our website offerings based on the information and feedback we receive from our customers);
  • To enable secure login for you in the Service Manager at The Greek TreatBOX;
  • To establish a primary channel of communication with you;
  • To enable The Greek TreatBOX to issue valid VAT invoices and to process transactions (your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the service requested);
  • To enable automated handling of the subscriptions;
  • To provide you with aggregated information on the choices of the End Users regarding accepted cookie types and generate a graphical representation in the Service Manager; and/or
  • To send periodic e-mails (The e-mail address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc.)
  • If at any time you would like to unsubscribe from receiving future e-mails, you can cancel your account by senting an email “Cancel my account”.

Legal basis

EU General Data Protection Regulation (GDPR)

The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information.

Children’s Online Privacy Protection Act Compliance

The Greek TreatBOX is in compliance with the requirements of the Children’s Online Privacy Protection Act. We will not intentionally collect any information from anyone under 13 years of age. Our website, products and services are all directed at people who are at least 13 years old or older.

How do we protect your information?

The Greek TreatBOX implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

1. Availability

The Service utilizes the extensive features of the hosting environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup and geo-replication along with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated. No personal data is stored permanently outside The Greek TreatBOX.

2. Integrity

To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential. For data in transit, the Service uses industry-standard transport protocols between devices and datacenters and within datacenters themselves.

3. Confidentiality

All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties.

Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access.

Any device being used to access personal data is login protected by The Greek TreatBOX’s corporate antivirus solution installed. If any personal data are temporarily stored on a device, the storage unit on the device must also be strongly encrypted.

On premise devices storing personal data temporarily is at all times, except when not being actively used or relocated under uninterrupted supervision, locked in a safe. Personal data are never stored on mobile media like USB sticks and DVD’s.

4. Transparency

The Greek TreatBOX will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. The Greek TreatBOX will also provide the summaries of any independent audits of the Service.

5. Isolation

All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. The Greek TreatBOX’s Security and Privacy Officer issues authorizations and maintains a log of granted authorizations.

6. The ability to intervene

The Greek TreatBOX enables your rights of access, rectification, erasure, blocking and objection mainly by providing built-in functions for data handling in the Service Manager, by offering the option to send instructions through The Greek TreatBOX’s helpdesk and also by informing about and offering the customer the possibility of objection when The Greek TreatBOX is planning to implement changes to relevant practices and policies.

The overall responsibility for data security lies with The Greek TreatBOX’s Data Protection Officer who educates and updates all personnel on the data security measures outlined in The Greek TreatBOX’s security handbook and this Privacy Policy.

7. Monitoring

The Greek TreatBOX uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.

System performance and availability is monitored from both internal and external monitoring services.

8. Personal Data breach notification

In the event that your data is compromised, The Greek TreatBOX will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact on the Service and The Greek TreatBOX ‘s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Data retention

1. Data retention policy

Account Data will due to tax regulations be retained for up to five full fiscal years from your cancellation of your Service account.

Configuration Data and System Generated Data will be erased immediately when you cancel the Service account.

End User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel the Service account.

2. Data retention for compliance with legal requirements

You cannot require the greek TreatBOX to change any of the default retention periods, except for the reasons for erasure pursuant, but may suggest changes for compliance with specific sector laws and regulations.

3. Data restitution and/or deletion

No data except Account Data will be retained after the termination of the contract. You may request a data copy before termination.

4. What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Cooperation

Cybot will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.

Terms of Service

Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our website.

Your consent

By using our site, you consent to this Privacy Policy.

Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This Privacy Policy was last modified on January 20, 2020.

Complaint

You may at any time lodge a complaint with a supervisory authority regarding Cybot’s collection and processing of your personal data. In Denmark, you can lodge a complaint with the Danish Data Protection Agency.