Privacy Policy

1. Introduction

AXINAR S.A. (hereinafter “the Company”, “we”, “us”) respects the privacy of visitors and users of our website at www.axinar.com (hereinafter “Website”) and is committed to protecting their personal data.

This Privacy Policy (hereinafter “Policy”) explains how we collect, use, store, protect, and share your personal data when you visit our Website or purchase products from our online store.

This Policy complies with the General Data Protection Regulation (GDPR) 2016/679 of the European Union, Law 4624/2019, and applicable Greek legislation on the protection of personal data.

Please read this Policy carefully. Use of our Website constitutes acceptance of the terms of this Policy.

2. Data Controller

As data controllers, we are committed to protecting your personal data and complying with all legal obligations under the General Data Protection Regulation (GDPR) and applicable Greek legislation.

Contact details of the data controller:

Company name: AXINAR S.A.
Address: ViPa Oraiokastrou 57013, Thessaloniki, Greece
Telephone: +30 2310808159
Email: anastasia@axinar.com

Data Protection Officer (DPO): Anastasia Housmekeridou

3. What Personal Data We Collect

3.1 Data You Provide Voluntarily

We collect the following personal data that you provide to us voluntarily:

For creating a user account: full name, email address, password.

For processing orders: full name, shipping address, billing address, telephone number, email address, payment details.

For contact via our contact form: full name, email address, telephone number, message content.

For newsletter subscription: email address.

3.2 Data Collected Automatically

When you browse our Website, we automatically collect certain information using cookies and similar technologies, including:

– IP address
– Browser type and version
– Device type and operating system
– Pages you visit on our Website
– Date and time of your visit
– Time spent on each page
– Links you follow
– Browsing preferences

For more information about the cookies we use, please refer to the “Cookies” section below.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Performance of Contract and Service Provision

– Creating and managing your account
– Processing and fulfilling your orders
– Shipping the products you purchased
– Issuing invoices and receipts
– Providing customer support
– Managing returns and warranties

4.2 Legitimate Interests of the Company

– Improving the Website and our products/services
– Analysing user behaviour to optimise the user experience
– Managing and resolving legal disputes
– Fraud prevention and Website security
– Internal administration and operation of the Company

4.3 Consent

– Sending newsletters and promotional communications
– Conducting customer satisfaction surveys
– Use of cookies that are not strictly necessary for the operation of the Website

4.4 Legal Obligations

– Compliance with tax and accounting obligations
– Compliance with other legal obligations provided for by applicable legislation

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

Performance of a contract (Article 6(1)(b) GDPR): where processing is necessary for the performance of the sales contract or service agreement to which you are a party.

Legitimate interests (Article 6(1)(f) GDPR): where processing is necessary for the purposes of the legitimate interests pursued by the Company, except where such interests are overridden by your interests or fundamental rights and freedoms.

Consent (Article 6(1)(a) GDPR): where you have given your consent to the processing of your personal data for one or more specific purposes.

Legal obligation (Article 6(1)(c) GDPR): where processing is necessary for compliance with a legal obligation to which the Company is subject.

6. Retention Period for Personal Data

We retain your personal data only for as long as is necessary to fulfil the purposes described in this Policy or as required by law:

– User account data: For as long as you maintain an active account on our Website and for 12 months after your last activity.
– Order and transaction data: For 10 years in accordance with tax and accounting obligations.
– Contact form data: For 2 years from the last communication.
– Marketing data (newsletter): Until you withdraw your consent.
– Browsing data and cookies: Depending on the type of cookie, from one session up to 2 years (see the “Cookies” section).

After the above periods expire, your personal data is deleted or anonymised securely.

7. Disclosure and Transfer of Personal Data

7.1 Disclosure to Third Parties

We may disclose your personal data to the following categories of recipients:

Service providers: we work with third-party companies that provide services such as website hosting, database management, payment processing, product shipping, email marketing services, etc.

Professional advisers: accountants, lawyers, auditors, and other advisers who provide professional services to us.

Public authorities: where required by law or in the context of legal proceedings (e.g. judicial authorities, tax authorities).

Corporate successors: in the event of a merger, acquisition, or transfer of all or part of the Company’s assets.

We require all third parties to respect the security of your personal data and to process it in accordance with applicable data protection legislation. We do not allow our service providers to use your personal data for their own purposes and permit them to process your personal data only for specified purposes and in accordance with our instructions.

7.2 International Transfers

Some of the service providers we work with may be located outside the European Economic Area (EEA). Specifically, we may transfer personal data to the following countries/organisations:

– United States of America: Google LLC (Analytics services), Amazon Web Services (data hosting), Stripe (payment processing)
– United Kingdom: MetaPack (shipment management)
– Switzerland: ProtonMail (email services)

In these cases, we ensure that the transfer of your personal data is carried out in accordance with the GDPR and applicable legal provisions, using appropriate safeguards such as:

– Adequacy decisions by the European Commission (e.g. for Switzerland)
– Standard contractual clauses approved by the European Commission (for the USA and the United Kingdom)
– Binding corporate rules for intra-group transfers
– EU-US Data Privacy Framework certification (for certain US providers)

For more information about transfers of your personal data outside the EEA and the safeguards we apply, please contact us using the contact details provided at the end of this Policy.

8. Cookies

8.1 What Are Cookies

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit our Website. Cookies help us provide a better and more personalised user experience.

8.2 Types of Cookies We Use

We use the following types of cookies on our Website:

Strictly necessary cookies: these are essential for the Website to function and cannot be switched off in our systems. They are usually set only in response to actions you take, such as setting your privacy preferences, logging into your account, or filling in forms. You can set your browser to block these cookies, but some parts of the Website will not function properly as a result.

Preference cookies: these allow the Website to remember choices you make (such as your username, language, or region) and provide enhanced, more personalised features.

Statistics/analytics cookies: these help us understand how visitors interact with our Website by collecting and reporting information anonymously. We use services such as Google Analytics to analyse Website usage data.

Marketing cookies: these are used to track visitors across websites. The purpose is to display advertisements that are relevant and engaging for the individual user and therefore more valuable for third-party publishers and advertisers.

8.3 Managing and Disabling Cookies

On your first visit to our Website, you will be asked to accept or decline the use of non-essential cookies via the cookie banner.

You can change your cookie preferences at any time via the “Cookie Settings” link at the bottom of the Website.

In addition, most browsers allow you to control most cookies through their settings. Learn more about how to manage cookies at the following links:

Chrome | Firefox | Internet Explorer | Safari | Edge

Please note that disabling certain cookies may affect the functionality of our Website.

9. Security of Personal Data

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, among others:

– Data encryption where necessary
– Regular testing, assessment, and evaluation of the effectiveness of security measures
– Restricted access to your personal data by authorised personnel only
– Training of our staff on data protection
– Security policies and incident management procedures

Please note, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we make every effort to protect your personal data, we cannot guarantee its absolute security.

10. Your Rights

Under the GDPR and applicable data protection legislation, you have the following rights regarding your personal data:

Right of access: you have the right to receive a copy of the personal data we hold about you and to verify the lawfulness of the processing.

Right to rectification: you have the right to request the correction of inaccurate or incomplete personal data concerning you.

Right to erasure: you have the right to request the deletion of your personal data under certain conditions.

Right to restriction of processing: you have the right to request the restriction of processing of your personal data under certain conditions.

Right to data portability: you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to object: you have the right to object to the processing of your personal data under certain conditions, in particular where data is processed for direct marketing purposes.

Right to withdraw consent: you have the right to withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) if you believe that the processing of your personal data violates the provisions of the GDPR or other data protection laws.

To exercise any of the above rights, please contact us using the contact details provided at the end of this Policy. We will respond to your request within one month of receipt, unless additional time is required due to the complexity of the request, in which case we will inform you accordingly.

11. Protection of Minors

Our Website is not directed at individuals under the age of 16, and we do not knowingly collect personal data from minors under the age of 16 without the consent of their parent or guardian.

11.1 Parental/Guardian Consent

Where a minor under the age of 16 wishes to use our services (e.g. to make a purchase), the explicit consent of a parent or guardian is required. The consent process includes:

– Completion of a specific consent form by the parent/guardian
– Verification of the parent’s/guardian’s identity (e.g. via email verification or another method)
– Secure recording of consent
– Ability to withdraw consent at any time

Where we have received parental/guardian consent, we limit the collection and processing of the minor’s personal data to what is strictly necessary for the provision of our services.

11.2 Special Protection Measures

We take additional measures to protect minors:

– Disabling promotional activities and advertising directed at minors
– Limiting the collection of personal data to the minimum necessary
– Additional security checks for minors’ accounts
– Immediate response procedures for requests from parents/guardians

If you are a parent or guardian and believe that your minor child has provided us with personal data without your consent, please contact us and we will take immediate steps to remove such information from our records.

12. Changes to the Privacy Policy

We reserve the right to modify this Policy from time to time to reflect changes in our business practices, legal requirements, or for other operational, legal, or regulatory reasons.

The date of the last update to the Policy will be shown at the bottom of the page. We encourage you to visit this Policy regularly to stay informed of any changes.

In the event of material changes to the Policy that affect your rights or the way in which we process your personal data, we will notify you via the Website and/or by email before the changes come into effect.

13. Contact

If you have any questions, comments, or concerns about this Policy or the way in which we process your personal data, please do not hesitate to contact us:

AXINAR S.A.
Data Protection Officer (DPO): Anastasia Housmekeridou
Address: ViPa Oraiokastrou 57013, Thessaloniki, Greece
Telephone: +30 2310808159
Email: anastasia@axinar.com

Last updated: 14/05/2025

—

Automated Decision-Making and Profiling

1. Introduction and Definitions

As part of our commitment to transparency and compliance with the General Data Protection Regulation (GDPR), we provide the following information regarding automated decision-making and profiling on our website.

1.1 Definition of Automated Decision-Making

“Automated decision-making” refers to the process of making decisions by automated means without human intervention, based on the processing of personal data.

1.2 Definition of Profiling

In accordance with Article 4(4) GDPR, “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s preferences, interests, behaviour, location, or movements.

2. Use of Automated Decision-Making and Profiling

2.1 Cases of Use

Our Company uses the following forms of automated decision-making and profiling:

Content personalisation: we analyse user preferences and browsing behaviour to tailor the content of our website to their interests.

Targeted advertising: we use browsing and interaction data to display relevant advertisements that may be of interest to users.

User behaviour analysis: we analyse usage patterns to improve our services and better serve users.

Request assessment: we use automated systems to assess user requests (e.g. applications for specific services, eligibility for offers).

Fraud detection: we use automated systems to detect and prevent fraudulent activity and security breaches.

2.2 Data Used

For the above purposes, we may process the following types of data:

– Browsing data (pages visited, time spent, clicks)
– Demographic information (such as age, gender, location, where provided)
– Purchase history and/or interaction history with our services
– Preferences declared by the user
– Technical details (device, operating system, internet service provider)

3. Implications and User Rights

3.1 Implications for Users

The automated decision-making and profiling we carry out:

– Affects the content and advertisements the user sees on our website
– May affect the notifications and offers they receive

We ensure that our automated processes:

– Do not introduce discrimination
– Are fair and transparent
– Are based on accurate and up-to-date data

3.2 User Rights

Under the GDPR, you have the following rights regarding automated decision-making and profiling:

Right to information: to receive clear information about the use of automated processes.

Right to object: to object to profiling for direct marketing purposes (Article 21 GDPR).

Right not to be subject to automated decisions: not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Article 22 GDPR).

Right to human intervention: to request human intervention in cases of significant decisions taken by automated means.

Right to express your point of view: regarding decisions taken by automated means.

Right to contest: to contest an automated decision.

4. Exceptions and Legal Basis

In certain cases, we may use automated decision-making, including profiling, where:

– It is necessary for the entry into or performance of a contract between you and us
– It is authorised by European Union or Member State law and appropriate measures have been put in place to safeguard your rights, freedoms, and legitimate interests
– It is based on your explicit consent

5. Exercising Your Rights

To exercise any of the above rights regarding automated decision-making and profiling, please contact us at:

Email: e-commerce@axinar.com
Telephone: +30 2310808159

We are committed to responding to your request within one (1) month of receipt. In the case of complex or multiple requests, we may require up to three (3) months to respond, but we will inform you within the first month.

6. Updates to This Policy

This policy on automated decision-making and profiling may be updated periodically. In the event of material changes, we will notify you via our website or by email, where we hold your contact details.

Last updated: 14/05/2025