Privacy Policy

1. INTRODUCTION

AXINAR SA (hereinafter “the Company”, “we”, “us”) respects the privacy of visitors and users of our website at www.axinar.com (hereinafter the “Website”) and is committed to protecting their personal data.

This Privacy Protection Policy (hereinafter the “Policy”) explains the ways in which we collect, use, store, protect and share your personal data when you visit our Website or purchase products from our online store.

This Policy complies with the General Data Protection Regulation (GDPR) 2016/679 of the European Union, Greek Law 4624/2019 and applicable Greek legislation on the protection of personal data.

Please read this Policy carefully. Use of our Website constitutes acceptance of the terms of this Policy.

2. DATA CONTROLLER

As data controllers, we are committed to protecting your personal data and to complying with all legal obligations under the General Data Protection Regulation (GDPR) and the applicable Greek legislation.

Contact details of the data controller:

• Name: AXINAR SA

• Address: VIPA ORAIOKASTROU 57013 Thessaloniki, Greece

• Phone: 2310808159

• Email: anastasia@axinar.com

• Data Protection Officer (DPO): Anastasia Chousmekeridou

3. WHAT PERSONAL DATA WE COLLECT

3.1 Data you provide voluntarily

We collect the following personal data that you provide to us voluntarily:

• To create a user account: full name, email address, password.

• To process orders: full name, shipping address, billing address, phone number, email address, payment details.

• For communication via the contact form: full name, email address, phone number, message content.

• For newsletter subscription: email address.

3.2 Data collected automatically

During your browsing of our Website, we automatically collect certain information through the use of cookies and similar technologies, such as:

• IP address

• Browser type and version

• Device type and operating system

• Pages you visit on our Website

• Date and time of your visit

• Time spent on each page

• Links you follow

• Browsing preferences

For more information about the cookies we use, please refer to the “Cookies” section below.

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

4.1 Contract performance and service provision

• Creating and managing your account

• Processing and fulfilling your orders

• Shipping the products you have purchased

• Issuing invoices and receipts

• Providing customer support

• Managing returns and warranties

4.2 Legitimate interests of the Company

• Improving the Website and our products/services

• Analysing user behaviour to optimise the user experience

• Managing and resolving legal disputes

• Fraud prevention and Website security

• Internal administration and operation of the Company

4.3 Consent

• Sending newsletters and promotional messages

• Conducting customer satisfaction surveys

• Use of cookies that are not strictly necessary for the operation of the Website

4.4 Legal obligations

• Compliance with tax and accounting obligations

• Compliance with other legal obligations provided for by applicable legislation

5. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases:

• Performance of a contract (Article 6(1)(b) GDPR): when processing is necessary for the performance of a contract for the sale or supply of services to which you are a party.

• Legitimate interest (Article 6(1)(f) GDPR): when processing is necessary for the purposes of the legitimate interests pursued by our Company, except where such interests are overridden by your interests or fundamental rights and freedoms.

• Consent (Article 6(1)(a) GDPR): when you have given your consent for the processing of your personal data for one or more specific purposes.

• Legal obligation (Article 6(1)(c) GDPR): when processing is necessary for compliance with a legal obligation to which our Company is subject.

6. PERSONAL DATA RETENTION PERIOD

We retain your personal data only for as long as is necessary to fulfil the purposes described in this Policy or as required by law:

• User account data: For as long as you maintain an active account on our Website and for 12 months after your last activity.

• Order and transaction data: For 10 years in accordance with tax and accounting obligations.

• Contact form communication data: For 2 years from the last communication.

• Marketing data (newsletter): Until withdrawal of your consent.

• Browsing data and cookies: Depending on the type of cookie, from one session up to 2 years (see “Cookies” section).

After the above periods, your personal data is securely deleted or anonymised.

7. DISCLOSURE AND TRANSFER OF PERSONAL DATA

7.1 Disclosure to third parties

We may disclose your personal data to the following categories of recipients:

• Service providers: we work with third-party companies that provide us with services such as website hosting, database management, payment processing, product shipping, email marketing services, etc.

• Professional advisors: accountants, lawyers, auditors and other advisors who provide us with professional services.

• Public authorities: where required by law or in the context of legal proceedings (e.g. judicial authorities, tax authorities).

• Corporate successors: in the event of a merger, acquisition or transfer of all or part of the Company’s assets.

We require all third parties to respect the security of your personal data and to process it in accordance with the applicable data protection legislation. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.

7.2 International Transfers

Some of the service providers we work with may be located outside the European Economic Area (EEA). Specifically, we may transfer personal data to the following countries/organisations:

• United States of America: Google LLC (Analytics services), Amazon Web Services (data hosting), Stripe (payment processing)

• United Kingdom: MetaPack (shipment management)

• Switzerland: ProtonMail (email services)

In these cases, we ensure that the transfer of your personal data is carried out in accordance with the GDPR and applicable legislative provisions, using appropriate safeguards such as:

• Adequacy decisions of the European Commission (e.g. for Switzerland)

• Standard contractual clauses approved by the European Commission (for the USA and the United Kingdom)

• Binding corporate rules for intra-group transfers

• EU-US Data Privacy Framework certification (for certain providers in the USA)

For more information about transfers of your personal data outside the EEA and the safeguards we apply, you can contact us using the contact details provided at the end of this Policy.

8. COOKIES

8.1 What are cookies

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit our Website. Cookies help us provide a better and more personalised user experience.

8.2 Types of cookies we use

We use the following types of cookies on our Website:

• Strictly necessary cookies: required for the operation of the Website and cannot be disabled in our systems. They are usually only set in response to actions you take, such as setting your privacy preferences, logging in to your account or filling in forms. You can set your browser to block these cookies, but some parts of the Website will not function properly.

• Preference cookies: allow the Website to remember the choices you make (such as your username, language or region) and provide enhanced, more personalised features.

• Statistics/analytics cookies: help us understand how visitors interact with our Website by collecting and reporting information anonymously. We use services such as Google Analytics to analyse Website usage data.

• Marketing cookies: used to track visitors across various websites. The intention is to display advertisements that are relevant and engaging to the individual user and thereby more valuable to third-party publishers and advertisers.

8.3 Cookie control and disabling

During your first visit to our Website, you will be asked to accept or reject the use of non-essential cookies via the cookie banner.

You can change your cookie preferences at any time via the “Cookie Settings” link at the bottom of the Website.

In addition, most browsers allow you to control most cookies via their settings. Learn more about how to manage cookies at the following links:

• Chrome

• Firefox

• Internet Explorer

• Safari

• Edge

Please note that disabling certain cookies may affect the functionality of our Website.

9. PERSONAL DATA SECURITY

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include, by way of example:

• Data encryption where necessary

• Regular testing, assessment and evaluation of the effectiveness of security measures

• Restricted access to your personal data, granted only to authorised personnel

• Training of our staff in data protection

• Security policies and procedures for managing breach incidents

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we take every effort to protect your personal data, we cannot guarantee its absolute security.

10. YOUR RIGHTS

Under the GDPR and applicable data protection legislation, you have the following rights regarding your personal data:

• Right of access: you have the right to obtain a copy of your personal data that we hold and to verify the lawfulness of the processing.

• Right to rectification: you have the right to request the correction of inaccurate or incomplete personal data concerning you.

• Right to erasure: you have the right to request the deletion of your personal data under certain conditions.

• Right to restriction of processing: you have the right to request the restriction of the processing of your personal data under certain conditions.

• Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another data controller.

• Right to object: you have the right to object to the processing of your personal data under certain conditions, in particular where the data is processed for direct marketing purposes.

• Right to withdraw consent: you have the right to withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

• Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) if you believe that the processing of your personal data infringes the provisions of the GDPR or other data protection laws.

To exercise any of the above rights, you can contact us using the contact details provided at the end of this Policy. We will respond to your request within one month from its receipt, unless more time is required due to the complexity of the request, in which case we will inform you accordingly.

11. PROTECTION OF MINORS

Our Website is not directed at individuals under 16 years of age, and we do not knowingly collect personal data from minors under 16 without the consent of their parent or guardian.

11.1 Parental/guardian consent

In cases where a minor under 16 years of age wishes to use our services (e.g. to make purchases), the explicit consent of the parent or guardian is required. The consent procedure includes:

1. Completion of a special consent form by the parent/guardian

2. Verification of the identity of the parent/guardian (e.g. via email verification or other method)

3. Secure recording of the consent

4. Possibility to withdraw the consent at any time

When we have received consent from a parent/guardian, we limit the collection and processing of the minor’s personal data to what is strictly necessary for the provision of our services.

11.2 Special protective measures

We take additional measures to protect minors:

• Disabling promotional activities and advertisements directed at minors

• Limiting personal data collection to the minimum necessary

• Additional security checks for minor accounts

• Procedures for prompt response to parental/guardian requests

If you are a parent or guardian and believe that your minor child has provided us with personal data without your consent, please contact us and we will immediately take steps to remove this information from our records.

12. CHANGES TO THE PRIVACY PROTECTION POLICY

We reserve the right to modify this Policy from time to time to reflect changes in our business practices, legal requirements or for other operational, legal or regulatory reasons.

The last update of the Policy will be indicated at the bottom of the page. We encourage you to visit this Policy regularly to stay informed of any changes.

In the event of material changes to the Policy that affect your rights or the way we process your personal data, we will notify you via the Website and/or by email before the changes take effect.

13. CONTACT

If you have any questions, comments or concerns regarding this Policy or the way we process your personal data, please do not hesitate to contact us:

AXINAR SA
Data Protection Officer (DPO): Anastasia Chousmekeridou
Address: VIPA ORAIOKASTROU 57013, Thessaloniki, Greece
Phone: 2310808159
Email: anastasia@axinar.com

Last updated: 14/05/2025

AUTOMATED DECISION-MAKING AND PROFILING

1. Introduction and Definitions

As part of our commitment to transparency and compliance with the General Data Protection Regulation (GDPR), we provide the following information regarding automated decision-making and profiling on our website.

1.1 Definition of Automated Decision-Making

“Automated decision-making” means the process of making decisions by automated means without human intervention, based on the processing of personal data.

1.2 Definition of Profiling

According to Article 4(4) of the GDPR, “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects concerning that natural person’s preferences, interests, behaviour, location or movements.

2. Use of Automated Decision-Making and Profiling

2.1 Use Cases

Our company uses the following forms of automated decision-making and profiling:

• Content personalisation: We analyse users’ preferences and browsing behaviour to tailor our website content to their interests.

• Targeted advertising: We use browsing and interaction data to display relevant advertisements that may interest users.

• User behaviour analysis: We analyse usage patterns to improve our services and better serve users.

• Request evaluation: [If applicable] We use automated systems to evaluate user requests (e.g. applications for specific services, eligibility for offers).

• Fraud detection: We use automated systems to detect and prevent fraudulent activity and security breaches.

2.2 Data Used

For the above purposes, we may process the following types of data:

• Browsing data (pages visited by the user, time spent, clicks)

• Demographic data (such as age, gender, location, where provided)

• History of purchases and/or interactions with our services

• Preferences declared by the user

• Technical data (device, operating system, internet service provider)

3. Impact and User Rights

3.1 Impact on Users

The automated decision-making and profiling we carry out:

• Affects the content and advertisements that the user sees on our website

• May affect the notifications and offers that the user receives

We ensure that our automated processes:

• Do not introduce discrimination

• Are fair and transparent

• Are based on accurate and up-to-date data

3.2 User Rights

Under the GDPR, you have the following rights regarding automated decision-making and profiling:

• Right to information: To receive clear information regarding the use of automated processes.

• Right to object: To object to profiling for direct marketing purposes (Article 21 GDPR).

• Right not to be subject: Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (Article 22 GDPR).

• Right to human intervention: To request human intervention in cases of significant decisions made by automated means.

• Right to express your view: Regarding decisions made by automated means.

• Right to contest: To contest an automated decision.

4. Exceptions and Legal Basis

In certain cases, we may use automated decision-making, including profiling, when:

• It is necessary for the conclusion or performance of a contract between you and us

• It is permitted by EU or Member State law and appropriate measures have been laid down to safeguard your rights, freedoms and legitimate interests

• It is based on your explicit consent

5. Exercise of Rights

To exercise any of the above rights regarding automated decision-making and profiling, you can contact us at the following details:

• Email: e-commerce@axinar.com

• Phone: 2310808159

We undertake to respond to your request within one (1) month from its receipt. In the case of complex or multiple requests, we may need up to three (3) months to respond, but we will inform you accordingly within the first month.

6. Updates to this Policy

This policy regarding automated decision-making and profiling may be updated from time to time. In the case of material changes, we will notify you via our website or by email, where we have your contact details.

Last updated: 14/05/2025