Introduction

The company under the name “ANORAK HELLAS LLC” (hereinafter referred to as “ANORAK” or the “company”), with registered office at 371, Acharnai str., Ag. Eleftherios, Athens, ZIP code: 111 45, tel: +30 2102029338, e-mail: anorak@otenet.gr, TIN: 081635540, is the Data Controller.

ANORAK is a Greek company, being synonymous with waterproof protection for more than 40 years. Today, in the hands of the second generation of the family that created it, it is dynamically developing with steady values and high goals. ANORAK has two big categories of products:

ANORAK WEATHER PROTECTION© addressed to waterproof and windproof protection and concerns clothes for daily protection from weather conditions but also specialized series for the sea, hunting, motorization and working environments.

ANORAK HARM PROTECTION© which concerns equipment of personal protection based on the highest international standards.

Our company aims to the domestic but also the international market and our products are characterized by high quality and proper environmental management.

Our company operates an e-shop for the sale of its products.

In our everyday activities we process personal data which concerns natural persons, that may be:

  • Clients
  • Visitors of our website
  • Other interested parties (employees, providers)

Our company complies with the General Data Protection Regulation (2016/679 EU) and all European and national legislation which concerns the protection of personal data, electronic communications etc., and commits to ensure at any moment the protection of your personal data.

Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes.

We collect personal data that is necessary for each purpose and process it lawfully, fairly and in a transparent manner in relation to the data subjects.

We ensure for the data to be, as far as possible, accurate and up-to-date and keep it only for the time necessary for the purposes for which it is processed.

In any case, the criterion we use to determine the storage period is based on and takes due account of the necessity of compliance with any relevant legal requirements, as well as the principle of data minimization.

We process personal data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

 

Collection, purpose, legal basis of the processing and duration of data storage.

  1. Data that we automatically collect through our website.

The website www.anorak.gr applies the SSL protocol (Secure Sockets Layer), which uses encryption methods of the data that are exchanged between two devices (usually between Computers), establishing a secure connection between them via the internet, resulting in the protection of your personal data.

When you visit our website, our server collects the so-called “log files” of the server and in particular:

  • Date and time of the website visit
  • Volume of the data sent in bytes
  • The browser and operating system you used for your visit to the website
  • Internet Protocol (IP address), when you access the website. The IP address along with the date and time of your visit are personal data, although we are not in position to locate you with this data alone.

The legal basis for collecting and maintaining the IP address in special files (“log files”) is our legal interest for the processing of this data in order to ensure network, data and services security from random events or illegal or notorious actions that can compromise the disposability, authenticity, integrity and confidentiality of the saved or transmitted data (i.e. ddos attack “denial of service”), as well as our legal obligation to provide a more safe environment for the processing of your personal data (GDPR article 6 paragraph 1 element f and c). The data will not be transferred or used in any other way. However, we maintain the right to examine the browser log files in case there is evidence of unauthorized use.

  1. Customers data

When you visit our Company, we may collect your personal data such as name, surname, telephone, e-mail and other information for communication purposes.

The purpose of the processing of your data is the sale to you of the requested products and the legal basis of the processing is the performance of the contract between us (article 6 paragraph 1b of GDPR). Duration of maintenance of your data is the time defined by the fiscal legislation.

  1. Data we collect via e-mail or via our contact form or from our newsletter

When we communicate with you via e-mail or through the contact form of our website or when we send to you our newsletter, we collect your name, your e-mail address and any other information you provide us with. This data is stored and used in order to respond to your request exclusively. The legal basis for the processing of your personal data is your consent (article 6 paragraph 1a of GDPR). Your data will be deleted after the conclusion of our communication. This will happen once the purpose of our communication is met, provided that there are no legal requirements for the storage of this data.

  1. Processing of data from purchases through our e-shop

If you purchase any products through our e-shop, we may process your data with the purpose of preparing your order, thus the legal basis of the processing will be the performance of the contract pursuant to article 6 paragraph 1b of GDPR. In any case, after the completion of the purchase and delivery of the products, you may request the deletion of your account and data, by sending an e-mail to the above mentioned address of the Data Controller and your data will be deleted, except for the data which is required for fiscal and evidentiary reasons.

To complete your purchase, you shall need to sign in to the e-shop, so we will collect the necessary data for the performance of your purchase, that is, your name and surname, full billing and shipping address, e-mail, telephone. We might also collect information that concerns instructions for the delivery of the products.

As regards the payment of the products that you purchase with credit/ debit cards, PayPal or bank transfer, the payment system that our company uses does not save cards or accounts data into a database. Payment by card is processed by the secure payment platform of our partner credit institution or PayPal.

  1. Supplier data

For the performance of our contract, we collect our suppliers’ data, such as name and surname, company name, address, contact information, shipment information, financial data, with which you provide us. The legal basis for the processing of your data is the performance of the contract and our compliance with the legal obligations (Article 6 paragraph 1b and 1c of GDPR); we maintain the data for a period of up to 12 years from the last provision of services, or as long as it is required by the fiscal or any other legislation.

  1. Submission of CV

When submitting a CV to our Company online or at our offices, you provide us with your personal data that is included in your CV, such as your name and surname, education, experience, professional skills and preferences etc., as well as any other information you choose to disclose, such as your photograph. We maintain your personal data for a period of up to 3 years, in order to examine the possibility of hiring you and the legal basis for the processing of your personal data is your consent, along with your request before you sign a contract with us (article 6 paragraph 1a and 1b of GDPR).

Who has access to your data. Transfer of data.

Your data is accessible to all our employees, as well as to any other person who is authorized to process your data while exercising their duties. Furthermore, we cooperate with third persons, natural or legal, professionals, independent consultants etc., who provide us with commercial, professional or technical services (i.e. web hosting, accounting services, courier services) for the above-mentioned purposes and support our Company in whole or in part, with respect to our activities. Case-by-case, the third parties will act as Joint or Independent Data Controllers, Data Processors or authorized people to process the personal data for the same above-mentioned purposes, with the same security measures and according to the applicable legal obligations.

Before the access of the third party to the personal data transferred by us, it is needed that: (1) we complete a privacy check, in order to evaluate the privacy practices and the risks relating to the third parties, (2) we obtain contractual warranties from these third parties that they will process the personal data that we transfer to them in accordance with our instructions and in accordance with this Policy and applicable law, that they will immediately notify our Company of any Privacy or Security incidents, failure to comply with the standards set out in this Policy and the applicable legislation; that they will cooperate in remedying any such incident, that they will help us respond to the exercise of the rights of individuals set out below and that they will allow the Data Controller to control their processing with regard to compliance with these requirements.

Finally, the data may be further transferred to public authorities and facilities, as well as to legal advocates (legal counsels and insurance companies), for legal purposes.

Except for all the above, your personal data will not be disclosed to any third parties, individuals or legal persons.

Our Company does not transfer Personal Data outside the European Union and if need be (i.e. in order to use Cloud services), such transfer will take place under the terms and conditions provided for in Articles 44 et seq. of GDPR, as well as with your consent and the application of standard contractual clauses which are approved by the European Union or in countries that are characterized as “safe” by the European Union.

Minors’ Data

Our Company does not process minors’ personal data.

What are your rights in relation to your personal data

You reserve the right of access, rectification, erasure, portability of your data, restriction and objection to processing and the right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of the subject’s personal data.