Privacy policy

01. SUBJECT MATTER

The company under the name “ANTONIOS DROSOS & ANTHOULI DIONYSIA O.E.” and the trade name “MELISSA HONEY WORKSHOP DROSOS - ANTHOULI” (hereinafter the “Company”), headquartered in Kefalos, Kos, as the Data Controller, considers the security and protection of your personal data a top priority, regardless of the capacity in which you communicate or cooperate with us, including but not limited to prospective or active customers, employees, suppliers, professionals, private individuals, consumers, or collaborating third parties.

Your personal data includes any information that can lead, directly or indirectly in combination with other data, to your unique identification or to locating you as a natural person. This category includes, but is not limited to, details such as your full name, tax identification number (TIN), social security number, physical and electronic addresses, landline and mobile phone numbers, bank/debit/prepaid card numbers, email addresses, transaction data, telephone and online communications, payment data, device identifiers or terminal equipment such as POS, computers, smartphones, tablets, your web browsing history (log files, cookies, etc.), and any other information that allows your unique identification under t

02. PERSONAL DATA WE COLLECT

We process and protect your personal data in accordance with the law when you contact us and/or purchase our products or services directly or online, whether for providing you with information, value-added services to the end user (B2C), services on behalf of third parties (B2B), or to receive other services, including informational, entertainment, e-government, mobile marketing, and information or services related to any other company activity.

03. METHODS OF COLLECTING PERSONAL DATA

The Company collects your personal data upon acceptance of the terms of use of each of our services, such as:

  • when you call our numbers or short codes, send us emails, or fill out an application or order form
  • when you communicate with our offices, Company staff, or our call center, either for purchases or to express opinions, complaints, or feedback
  • when you send us the postal address for invoicing or delivery of services as well as details for home delivery of your order
  • when you purchase a product and/or service, to verify your age and confirm whether you are legally permitted to validly contract with us, or if parental or guardian consent/signature is required
  • when you voluntarily register in printed or electronic catalogs to receive printed, electronic, or SMS informational material or other marketing material, to update your preferences, or when participating in contests, questionnaires, and surveys
  • when you visit our websites through which, with your explicit consent, we collect information from your terminal device via cookies, such as your Internet Protocol (IP) address, operating system, browser type and version, etc.
  • when we receive documents, requests, orders, legal documents, warrants, etc. from third-party bodies such as supervisory, prosecutorial, judicial, and tax authorities for the investigation of crimes and your protection against fraud or combating all forms of criminal activity and prevention of infringement of legal interests

04. PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA

The Company will use your information for the following lawful processing purposes (according to Article 6 GDPR), as applicable, based on your explicit consent which you may freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with us, or for the legitimate interest of the Company, or for the protection of your vital interests, namely:

  • To manage your calls seeking information in order to complete your requests, purchases, and orders.
  • To respond to your requests and inquiries regarding our products/services, as well as to inform you and respond to your suggestions and comments about improving our products and services.
  • To notify you of the results of surveys, draws, and competitions in which you may have participated.
  • To analyze the traffic on our websites and improve your experience, as well as to provide you with information related to products, services, special offers, and promotional activities.
  • For our internal operations and analysis such as internal management, fraud prevention, and use by administration, invoicing, accounting, billing, and control information systems.
  • Installation of monitoring systems (closed-circuit cameras - CCTV) for the prevention of criminal acts and the protection of persons and property.
  • Creation of lawful claims and preparation of our defense in legal disputes.
  • Measures and procedures taken to ensure the security of our systems and to prevent potential criminal activities.
  • Measures and procedures for the development of new services and the expansion/management of our activities.
  • For communication and informing our customers about new services or offers.
  • For the provision of technical support.
  • Management of Company risks.

You may change your preferences at any time by sending a relevant request to the following email address: privacy@melissa-kos.com.

05. PRINCIPLES OF COLLECTION AND PROCESSING OF PERSONAL DATA

This Privacy Policy aims to inform you about the terms of collection, processing, and transfer of your personal data that we may collect as Data Controllers or Processors. The Company and its trained personnel implement the ten Processing Principles of the GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability). The Company protects and ensures your eight Rights regarding the use of your Personal Data (information, access, rectification, deletion, restriction of processing, portability, objection, and the right not to be subject to automated decision-making including profiling, as specified under Greek law). The above principles apply without discrimination and cover all processing activities we carry out and all services we provide.

06. CONSENT

If you have given us your explicit consent for processing (other than the reasons mentioned above), the lawfulness of this processing is based on that consent. You have the right to withdraw your consent at any time. However, any processing of personal data carried out prior to receiving your withdrawal shall not be affected.

07. MINIMIZATION – STORAGE – DELETION OF PERSONAL DATA

The Company will always request the minimum personal data required by law for you to access our electronic platforms and services, to purchase products/services, to communicate via websites with other users, or to participate in contests and promotional activities.

Our Company retains your personal data for as long as required by the contractual terms of each service, in accordance with applicable law and based on the specific processing purpose, after which the data is anonymized or destroyed. You can inform us and inquire about which data we collect about you and request correction or deletion by submitting a relevant application we provide, unless retention is legally required for tax, evidentiary, or judicial purposes and for the prosecution of illegal acts.

08. DATA TRANSFER TO THIRD PARTIES

As a general rule, our Company does not transfer your personal data to third parties, except when we act as intermediaries and to the extent necessary to complete your order and fulfill requests related to the services we provide. Such third parties may include official state and supervisory authorities (e.g., law enforcement and prosecutorial authorities, Cybercrime Division, Data Protection Authority, Hellenic Telecommunications and Post Commission, Hellenic Authority for Communication Security and Privacy), when required by law or to prevent unlawful acts against us or our customers (e.g., telecommunications fraud, defamation, infringement of personality rights, etc.). Other third parties may include telecommunications companies, television stations, cloud providers, professional associations, banks to which credit and debit card data are transferred, social media providers, audiovisual content providers, ferry companies, and other global distribution systems.

Our Company selects reliable providers and strives to impose contractual restrictions on third parties receiving your personal data to ensure their lawful use. However, we cannot guarantee that these data will not be used or disclosed without your permission. For this reason, we recommend that you carefully review the privacy practices of any third-party providers or suppliers whose products or services you purchase through our websites.

In order to process your data, it may be necessary to transfer your information to other countries, including primarily countries within and, in exceptional cases, outside the European Economic Area (EEA), based on EU adequacy decisions, binding corporate rules, standard contractual clauses, and approved codes of conduct.

09. PERSONAL DATA SECURITY

In all cases, we take appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data. Our goal is to guarantee that your personal information is transferred, stored, and processed in accordance with suitable international security standards and procedures. The Company maintains appropriate security policies and uses adequate technical and operational tools, such as data encryption, access control levels, authorized personnel, trained staff, periodic audits, and compliance with international security and business continuity standards.

Specifically, the online store "melissa-kos.com" uses SSL (Secure Sockets Layer) technology. SSL is the worldwide standard for website authentication on the internet. With this technology, any information you enter on our site is encrypted before being transmitted online, thereby protecting your personal information during transfer.

All card payments are processed through the CARDLINK electronic payment platform, which uses TLS 1.2 encryption with 128-bit SSL (Secure Sockets Layer) encryption protocol. Information sent via SSL is protected by a mechanism that automatically verifies whether data has been altered during transmission.

Encryption is essentially a way to encode information until it reaches its intended recipient, who can then decode it using the appropriate key. Additional personal security is provided by the username and personal password you create when you become a member of "melissa-kos.com". This ensures that each time you use them, you have secure access to your personal data. When placing an order while logged in with your username and password on "melissa-kos.com," the communication between your computer and our systems is encrypted using a 128-bit key. That is, each time you send information to the system, your browser encrypts it with the 128-bit key before transmitting it.

Please be cautious when making transactions with your credit cards and never disclose your PIN to anyone. Likewise, you must keep your username and password confidential and never share them with third parties to prevent unauthorized access to your data.

Security tip: When creating your personal password, use a combination of symbols and alphanumeric characters. For security reasons, you should change your password regularly and avoid easily guessable passwords (e.g., phone numbers, birth dates, etc.).

Any of our partners who have access to the above information use it solely to serve the purposes described. We share the information you provide only as described in this policy and according to your explicit and specific consent for each type of processing, which you may freely revoke at any time by contacting us.

10. TARGETED ADVERTISING

Provided you have given us written consent, we may use your personal data along with other information we have collected, following human intervention by our commercial department, to display advertisements related to your apparent preferences on our website or on other websites.

However, we do not use automated tools to track and evaluate your consumer profile or overall preferences in combination with other personal information (such as your email address) to display advertisements or send you personalized offers. Additionally, we do not share your personal data with third parties for them to send you similar advertisements, unless you have explicitly given written consent to do so. If you wish to stop receiving updates or offers, you can send a request to the following email address: privacy@melissa-kos.com.

11. LINKS TO THIRD-PARTY WEBSITES

Our company’s websites may contain links to other websites operated by third-party independent entities, such as telecommunications companies, content providers, payment service providers, our suppliers, etc. These websites are solely operated and maintained by those third parties and are not controlled by us, as stated above. Therefore, we bear no responsibility whatsoever for the content, actions, or policies of these websites. We kindly ask you to carefully read the respective privacy policies of the websites you visit, as they may differ significantly from ours.

The Company does not allow the use of our website or services for sending bulk or unsolicited commercial emails (spam). Additionally, we do not permit the sending of messages to or from our customers that use or contain invalid or forged headers, invalid or non-existent domain names, techniques to obscure the origin of any message, false or misleading information, or that violate the terms of website use. We do not allow, under any circumstances, the collection of email addresses or general information of our customers and subscribers via our website or services. We also do not authorize any attempt to use our services in a manner that could harm, disable, overload any part of our services or interfere with anyone legitimately using our services.

If we determine that there is any unauthorized or inappropriate use of any of our services, we may, without notice and at our sole discretion, take appropriate measures to block messages from a specific internet domain, email server, or IP address. We reserve the right to immediately delete any account that, at our sole discretion, transmits or is linked to the transmission of any messages violating this policy.

12. RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

You have the following rights concerning the personal data we hold about you:

1. The right to access your personal data. This allows you, for example, to obtain a copy of the personal data we hold about you and to verify that we process it lawfully. To request a copy, you may contact us at the following email address: privacy@melissa-kos.com.

2. The right to request correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate data we have.

3. The right to request deletion of your personal information (known as the “right to be forgotten”). This allows you to ask us to delete your personal data when there is no valid reason for us to continue processing it.

4. The right to object to the processing of your personal data (known as the “right to object”) when our processing is based on legitimate interests but there is something specific about your situation that leads you to object to such processing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You also have the right to object to the processing of your data for direct marketing purposes. This includes profiling to the extent it relates to direct marketing. If you object to processing for direct marketing, we will stop processing your personal data for these purposes.

5. The right to request restriction of processing of your personal data. This allows you to ask us to restrict the processing of your personal data—i.e., to use it only in certain cases—if:

a. the data is inaccurate,
b. the processing is unlawful but you do not want the data deleted,
c. we no longer need the data but you require it to establish, exercise, or defend legal claims,
d. you have already objected to processing and are awaiting confirmation whether we have overriding legitimate grounds to continue processing.

6. The right to receive a copy of the personal data concerning you in a structured, commonly used, and machine-readable format, to transmit the data to other organizations. You also have the right to request that we directly transfer your personal data to another organization you designate (known as the “right to data portability”).

7. The right to withdraw your consent to the processing of your personal data at any time, easily and immediately. Please note that withdrawing consent does not affect the lawfulness of processing based on your consent prior to withdrawal. To exercise any of your rights, please note that requests for access, deletion, etc., are handled through the form referenced above (click here). Requests sent via email cannot be processed due to volume and the need to verify your identity before acting on your request. This is an important security measure to ensure personal data is not disclosed to unauthorized individuals.

You will not be charged a fee to access your personal data or exercise any other rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with such requests. Additionally, to the extent you have this right, you are entitled to lodge a complaint directly with the relevant supervisory authority, the Hellenic Data Protection Authority, at dpa.gr.

If you have any further questions regarding our use of your personal data, you may contact our company at the following email address: privacy@melissa-kos.com.

13. RIGHT TO FILE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY

If you have exercised any or all of your data protection rights and still feel that your concerns regarding how we use your personal data have not been satisfactorily addressed, you have the right to file a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

14. CONTACT FOR QUESTIONS AND COMMENTS

If you have any questions or comments regarding this privacy and data protection policy, or if you believe we have not followed the principles set forth herein, please send us an email at the following address: privacy@melissa-kos.com.

15. VALIDITY OF THE SECURITY AND PERSONAL DATA PROTECTION POLICY

This policy may be modified or revised at any time, and the most recent version shall always be considered the valid one. We recommend that you regularly check this page.