1. PREAMBLE

This website is owned and operated by the company under the name “IRIDANOS – OINAMPELOS SA TOURIST HOTELS AND RURAL BUSINESSES/ ENTERPRISES” and the distinctive title “IRIDANOS – OINAMPELOS SA“(“The Company”, “we”)based in the Miniera area of Kos, Greece, which is committed to complying with any applicable Data Protection Legislation.

This Privacy Notice provides information on the collection of personal data during the use of this Website (“The Website”). It also explains how this personal data is used, shared and protected, as well as how the Website users (“the users”, “you”, “data subjects”) can exercise their rights in this respect.

  • PURPOSE AND LEGAL BASIS OF DATA PROCESSING, DATA RETENTION
  Purpose of Data Processing The categories of personal data we collect Legal Basis of Data Processing Data Retention Period
1. Ensuring that each function of the Website operates properly IPaddress, cookies, browserdetails about the type of device (which can include unique device identifying numbers), operating system and browser. The processing of this personal data is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. We process your personal data during your visit. Cookies data are further kept according to the Website’s Cookies Policy.
2. Sale of our products Name, surname, emailaddressbilling address, shipping address, phone number The processing of this personal data is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. The personal data is kept for 20 years according to the tax legislation.
3. Receivefeedbackonourproductsthrough the relevant form Name, emailaddress,any other personal data included in the relevant form. WeprocessthesecategoriesofpersonaldataonthelegalbasisofthelegitimateinterestspursuedbytheCompany, inparticulartoidentifyyourpreferencesand improve our products. We retain your personal data for a month. Incasethatyourrequestrelatestoalegalclaim, the retention periodwill be defined according to the relevant legislation.
4. Handling your queries/ requests sent through the contact form Name, surname, email address, any other personal data that may be included in a message sent through the contact form.   We process these categories of personal data on the legal basis of the legitimate interests pursued by the Company, for compliance with a legal obligation to which the Company is subject or in order to take steps at your request prior to entering into a contract -depending on the nature of your message. We retain your personal data until we have adequately responded to your request. Incasethatyourrequestrelatestoalegalclaim, the retention periodwill be defined according to the relevant legislation.
5. Creating a user account   Name, surname, companydetails (if any), emailaddress, full address, user -accountpassword and any personal data included in the relevant form. The processing of this personal data is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. We retain your personal data until your account has been deleted.
6. Signing up for our Newsletter Email address Your consent Weretainyourpersonaldataforsix (6) months after you unsubscribe from our Newsletter- retrieve your consent.
  • WHO WE MIGHT SHARE YOUR PERSONAL DATA WITH

We only share your personal data when this is necessary to fulfill the above-mentioned purposes, in particular with:

  1. our third-party partners, service (web development, maintenance and hosting) providersfor the purposes of the proper functioning of the Website. All these partners provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the applicable Data Protection Legislation and ensure the protection of the rights of the data subjects;
  2. third parties that undertake to provide services to you on behalf of our Company, e.g. express delivery companies.
  3. professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilitieswhen deemed necessary, based on the nature and content of a message submitted through the contact form;
  4. lawyers, insurance companies/brokers when deemed necessary, based on the nature and content of a message submitted through the contact form;
  5. any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

Such sharing or transfers of personal data are protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing agreements, policies/ rules for intra-Company disclosures of personal data, etc.) and if recipients operates outside the EEA, appropriate protections are in place to ensure that your personal data remains adequately protected including adequacy decisions adopted by or standard contractual clauses approved by the European Commission.

  • DATA SUBJECTS’ RIGHTS

In accordance with the General Data Protection Regulation (“GDPR”) and the Greek Data Protection Legislation, Data Subjects have the following rights:

  • The right to be informed regarding your personal data being processed;
  • If the processing of personal data is based on your consent, the right to withdraw consent for future processing of that data;
  • The right to request access to and rectification of your personal data;
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to request restriction of the processing of your personal data.
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to request erasure of your personal data.
  • Subject to limitations as provided for in the GDPR or the Greek Data Protection Legislation, the right to personal data portability.

You have the right to lodge a complaint with the competent data protection authority, the Hellenic Data Protection Authority, located in Athens, 1 – 3 Kifisias Avenue, P.C. 115 23 (tel. +30 210 64 75 628 – email: complaints@dpa.gr).

  • CONTACT US

To exercise any of the Data Subjects’ rights or make a complaint to us relating to your privacy or for any other questions about the use of your personal data, you can  send an email to the Company’s DPO, email: dpo@koswinery.gr

  • CHANGES

We may change this Privacy Notice. Any changes will become effective when we post the revised documents on the Website. We encourage you to periodically review this Policy to stay informed about how we collect, use, and share your personal data.