The protection of your personal data is of paramount importance to us.
We declare that mexx.com.gr fully complies with the European Regulation 2016/679 (General Data Protection Regulation, GDPR) for the maximum guarantee of the protection of your personal data. The GDPR is the latest EU regulation laying down the conditions for the processing of personal data, in order to protect the rights and freedoms of individuals, and in particular the right to the protection of personal data.
Mexx.com.gr is not intended for children and minors under 16 years of age. If you are under 16 years old, you may use our website only with the participation and approval of a parent or guardian.
Purpose of Processing:
The collection and processing of your personal data is for the sole purpose of executing and supporting your orders, our communication with you and your best experience when using our website. More specifically:
1) Execution and support of your orders
In order to be able to manage your orders, execute them and support you after the sale, we need your following data:
Your e-mail address (email) in order to inform you about the progress of your order
Landline or mobile phone number in order to contact you regarding your order. In the case of a mobile phone, we also inform you with messages about the progress of your order.
Your name and surname in order for your order to be delivered to you and to serve you after the sale. If you request an invoice, we also need VAT, Tax Office and Profession for the issuance of the corresponding document.
The shipping address of the order in order to receive it at the place you want.
2) Send newsletters with news and offers (newsletter)
If you wish, you can subscribe to our newsletter (newsletter), to receive from us news, suggestions, offers and other updates about our products and services. Your registration is done with your free and clear consent either during the ordering process or by entering your email in one of the relevant forms on our website.
Creating a Member Account:
If you wish, you can create a member account on our website. By creating a member account you can make your purchases without having to enter your details every time. You can also track the progress of your current order online, look at your order history, and edit your wishlist.
To create a member account we need the same information that we ask for you and for the registration of an order and the purpose of processing them remains the same as the purpose for the execution and support of orders. Additionally, you need to enter a username and password to access your account only. You are solely responsible for maintaining the confidentiality and concealment of your password by third parties and in case of loss or leakage you must notify us immediately, otherwise we are not responsible for its use by an unauthorized person. For security reasons, we recommend that you change your password at regular intervals and avoid using the same and easily traceable passwords (eg date of birth). We also suggest you use not only letters and numbers but also symbols and its creation.
Payment Card Details (Credit, Debit Cards):
For the payment of your orders by credit or debit card, the registration of their data is done by your automatic transition to the safe environment of the banking institution and this data is never made known to us and therefore neither processed nor stored by mexx.com. gr.
Legal reasons for processing personal data:
We collect the personal data you share with us based on one or more of the following legal bases:
1) as required for the provision of the services you assign us and wish to receive from us and consequently the fulfillment of our contractual obligations in this context, for the proof of your orders, for the after-sales support, to contact you about your orders and generally where it is reasonably necessary or required to comply with legal or regulatory requirements, to resolve disputes, to prevent fraud and abuse or to impose terms and conditions
2) as required by our legitimate interests (or those of third parties), including our interests in providing innovative, personalized, secure and profitable services to our users and partners, unless your own interests or fundamental rights or fundamental freedoms dictate the protection of personal data override those interests.
3) as required for compliance with an obligation imposed by law, such as regulatory compliance for tax purposes
4) in accordance with the consent you provide under the specific conditions set by the legal framework, in order to receive updates on products, services, offers, etc.
Processing your data by third parties:
The information we receive from you is important. We will not exploit your information in any way or pass it on to third parties outside our company without your consent, except in the cases noted in this Policy. The access to your personal data is allowed only to our authorized persons-partners who are required to have access to serve the operational needs of the company.
In order to provide you with our services we will share your personal data with some third party companies, which act on our behalf (executors) providing us with transfer / distribution, hosting and bulk email services etc. in order to provide optimal service to you. Our company ensures the processing of your personal data by partners-third companies with conventional clauses limiting the purpose of processing and compliance with technical and organizational measures for the correct and secure processing of your personal data.
Regarding the data storage period, when the processing is required by the provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require. When processing under contract, your personal data is stored for as long as necessary for the performance of the contract and for the establishment, exercise, and / or support of legal claims under the contract.
For the purposes of promoting products and services (marketing activities), your personal data is kept until your consent is revoked. This can be done by you at any time. Withdrawal of consent shall not affect the lawfulness of the proceedings based on the consent given in the period prior to its withdrawal.
Your rights regarding your personal data:
As a natural person, with the following rights, you have control over the processing of your personal data. Specifically, your following rights are recognized and guaranteed:
● Right to transparent information about how your personal data is collected and used
● Right of access to personal data
● Right to correct or modify personal data
● Right to delete your personal data
● Right to restrict the processing of your personal data
● Right to the portability of your personal data
● Right to object to the processing of your personal data
● Right to revoke your already given consent, ie to withdraw your consent at any time for processing based on consent. Withdrawal of consent shall not affect the lawfulness of the proceedings which were based on prior consent.
The above rights are restricted by law and may not have to be fulfilled by us under certain conditions (such as when there is a contract, obligation to process personal data required by law, public interest, in order to protect our legal interests, etc.) .
To exercise any of the above rights you can contact us via email at email@example.com or by letter to our address.
In addition, you have the right to complain to the competent supervisory authority, Personal Data Protection Authority (APDPH): www.dpa.gr, 1-3 Kifissias Ave., Athens, PC 115 23, +30 210 6475600, firstname.lastname@example.org.
We are committed to protecting your information and have taken the necessary technical and organizational measures to protect your information from any loss, alteration, access or misuse. In any case, the way the internet operates and the fact that it is free does not allow anyone to guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access to and possibly using personal data for unauthorized and / or illegal purposes. We undertake that any violation of personal data is reported directly to the Personal Data Protection Authority and to individuals with direct information or public announcement.
Cookies are small text files, which are stored on your computer or mobile device. Cookies do not take up much space and are automatically removed when they expire. Some cookies expire at the end of your internet visit, while others are stored for a short time.
You may change your browser settings to delete or prevent cookies from being stored on your computer or mobile device without your express consent. The "help" section in your browser will provide you with information on how you can manage your cookie settings. See how this works for your browser at the following addresses:
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Internet Explorer: http://support.microsoft.com/gp/cookies/en
By disabling cookies or revoking your consent, certain features of the website will not be available. In addition, the performance and functionality of the website may be affected.
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR), the implementation of which started on May 25, 2018, applies to companies based in the European Union, but also to international companies that process personal data belonging to natural persons residing in the European Union.
Although many of the principles of the GDPR are in fact an extension of existing EU data protection rules, the GDPR has a wider scope and stricter standards, and provides for significant financial sanctions. For example, it sets stricter conditions for obtaining consent to the use of certain types of data and extends the rights of individuals to access and transfer their data. It also provides for significant penalties, enabling regulators to impose financial penalties of up to 4% of a company's total annual revenue for certain infringements.
The commitment and preparation of the MEXX e-shop
Data protection is a key issue for the MEXX e-shop, which complies with current European Union data protection legislation and the General Data Protection Regulation (GDPR).
Having already started the necessary procedures for our compliance with the GDPR, we undertake the following commitments:
Transparency: Our Data Policy will remain the only means of describing the methods we use to process users' personal data. At the same time, however, we will provide consent for new and existing customers and recipients of our updates, notifications within the products and solutions we advertise as well as training campaigns for our end customers.
Control: We will continue to provide our customers and recipients of updates with control over how their data is used. In this context, we will always provide the opportunity to exercise the "right to be forgotten" through the informative newsletters that we will send.
Accountability: We are responsible for our practices and have established Privacy Principles that illustrate our rationale for protecting privacy and data. Our legal department has regular meetings with regulators and legislators, as well as with privacy experts, in order to stay fully informed and make the necessary adjustments where needed.
Relevant legal bases
According to the GPDR regulation, there are a number of reasons that justify the processing of personal data. Below we describe the most relevant legal bases, according to the GDPR regulation.
The data being processed must be necessary for the execution of the project and must be defined in the contract concluded with the individual.
Specific and clear consent is required, which should be given freely, having been informed of all relevant information and with clear, positive action.
Recipients have the right to withdraw their consent and should be informed of this right.
A company or other third party must have legitimate interests, which are not undermined by the rights or interests of the individual who consents to the processing of his personal data.
Data processing must be stopped in the event of an objection.
The MEXX e-shop as a data processing manager and as a data processing executor
Data controller: The data controller is the one who determines the "objectives" and "means" for each case of personal data processing.
Data controllers should adopt compliance measures that cover how the data is collected, their purposes of use and how long they are retained, and ensure that individuals have access to the data held.
Perform data processing: Perform data processing is the person who processes personal data on behalf of the data controller. Also, cases that directly concern the data processors, the data controllers must bind them, in order to ensure the safe and legal processing of the data.
Although the MEXX e-shop manages most of its services as a data controller, there are some cases in which it also acts as a data processor in the context of its cooperation with companies.
When the MEXX e-shop processes data as it performs the data processing on your behalf, your business must have its own legal basis on which to process and communicate data to us.