Privacy notice


Last updated: 2020-01-01


elcampo.gr is provided by Elcampo IKE (‘we’/’us’/’our’). In doing so, we may be in a position to
receive and process personal information relating to you. As the controller of this information, we’re
providing this Privacy Notice (‘Notice’) to explain our approach to personal information. This Notice
forms part of Terms and Conditions which govern the use of this website.

We intend only to process personal information fairly and transparently as required by data
protection law including, the General Data Protection Regulation (GDPR). In particular, before
obtaining information from you, (including through use of cookies) we intend to alert you to this
Notice, let you know how we intend to process the information (including through use of cookies)
and (unless processing is necessary for at least one of the 5 reasons outlined in clause 2 below) we’ll
only process the information if you consent to that processing. The GDPR also defines certain
‘special categories’ of personal information that is considered more sensitive. These categories
require a higher level of protection, as explained below.

Of course, you may browse parts of this website without providing any information about yourself
and without accepting cookies. In that case, it’s unlikely we’ll possess and process any information
relating to you.

We’ll start this Notice by setting out the conditions we must satisfy before processing your data.
However, you may wish to start with this table at clause 4, which summarises what we intend to
collect, or this table at clause 8.5, which summarises our use of cookies. The Notice also explains
some of the security measures we take to protect your personal information, and tells you certain
things we will or won’t do. You should read this Notice in conjunction with the Terms and
Conditions.

Sometimes, when you take a new service or product from us, or discuss taking a new service or
product but decide against it, we might wish to provide you with further information about similar
services or products by email or other written electronic communication. In that situation, we’ll
always give you the opportunity to refuse to receive that further information and you can change
your mind at any point (opt-out) by contacting our Data Protection Officer (DPO) as set in clause 1.3.
We’ll endeavour to remind you of your right to opt-out on each occasion that we provide such
information.

1. Identity and contact details

1.1 Registered office: Agios Athanasios, Kourouta, Amaliada, Greece, 27200.

1.2 [email protected]

1.3 Our Data Protection Officer (DPO) DPO Georgios Depountis would welcome communication from
you regarding any matter relating to data protection, and can be contacted by phone on +6994210952 or by mail at [email protected]

2. When allowed to collect information from you

We’ll only collect personal information relating to you if one of the following conditions have been
satisfied:


2.1 You have clearly told us that you are content for us to collect that information for a certain
purpose or purposes that we will have specified.

2.2 The processing is necessary for the performance of a contract that we have with you.

2.3 The processing is necessary so that we can comply with the law.

2.4 The processing is necessary to protect someone’s life.

2.5 The processing is necessary for the performance of a task that’s in the public interest.

2.6 The processing is necessary for our or another’s legitimate interest – but in this case, we’ll
balance those interests against your interests.

3. How to consent

3.1 At the point of collecting the information, we’ll endeavour to explain how we intend to use the
information and which of these purposes apply. If we rely on consent, we’ll provide you with the
opportunity to tell us that you’re happy to provide the information.

3.2 If at any point in time you change your mind and decide that you don’t consent, please let us
know and we’ll endeavour to stop processing your information in a specified manner, or we’ll delete
your data if there is no continuing reason for possessing it.

3.3 If you don’t consent to a particular bit of processing, we’ll endeavour to ensure that the website
and our service continue to operate without the need for that information.

Sensitive information

Certain information we collect may be considered to be in special categories of personal information.
In particular, it may:
None

If we do collect such information as specified in clause 4.1, we’ll also ensure that one of the
additional reasons for processing outlined in Article 9 of the GDPR applies.

5. Information we expect to collect from you

5.1 We envisage asking for the following types of information from you:
Information type
Purpose and related details
Justification
Name
We ask for this to give receipt for our
products or services
Special categories:
Criminal data:
Lawful basis:
• It’s necessary for the
performance of a contract with
you.
Justification for special
categories:
Justification for criminal data:

5.2 We may collect personal information about you from a number of sources, including the
following:

5.2.1 From you when you agree to take a service or product from us, in which case this may include
your contact details, date of birth, how you will pay for the product or service and your bank details.

5.2.2 From you when you contact us with an enquiry or in response to a communication from us, in
which case, this may tell us something about how you use our services.

5.2.3 From documents that are available to the public, such as the electoral register.

5.2.4 From third parties to whom you have provided information with your consent to pass it on to
other organisations or persons – when we receive such information we will let you know as soon as is
reasonably practicable.

5.3 If you refuse to provide information requested, then if that information is necessary for a service
we provide to you we may need to stop providing that service.

5.4 At the time of collecting information, by whichever method is used, we’ll endeavour to alert you
and inform you about our purposes and legal basis for processing that information, as well as
whether we intend to share the information with anyone else or send it outside of the European
Economic Area. If at any point you think I’ve invited you to provide information without explaining
why feel free to object and ask for our reasons.

6. Using your personal information

6.1 Data protection, privacy and security are important to us, and we shall only use your personal
information for specified purposes and shall not keep such personal information longer than is
necessary to fulfill these purposes. The following are examples of such purposes. we have also
indicated below which GDPR justification applies. However, it will depend on the circumstances of
each case. At the time of collecting, we will provide further information, and you may always ask for
further information from us.

6.1.1 To help us to identify you when you contact us. This will normally be necessary for the
performance of our contract.

6.1.2 To help us to identify accounts, services and/or products which you could have from us or
selected partners from time to time. we may do this by automatic means using a scoring system,
which uses the personal information you’ve provided and/or any information we hold about you and
personal information from third party agencies (including credit reference agencies). we will only
use your information for this purpose if you agree to it.

6.1.3 To help us to administer and to contact you about improved administration of any accounts,
services and products we have provided before, do provide now or will or may provide in the future.
This will often be necessary, but sometimes the improvements will not be required, which case we
will ask whether you agree.

6.1.4 To allow us to carry out marketing analysis and customer profiling (including with
transactional information), conduct research, including creating statistical and testing information.
This will sometimes require that you consent but will sometimes be exempt as market research.

6.1.5 To help to prevent and detect fraud or loss. This will only be done in certain circumstances
when we consider it necessary or the law requires it.

6.1.6 To allow us to contact you by written electronic means (such as email, text or multimedia
messages) about products and services offered by us where:

6.1.6.1 these products are similar to those you have already purchased from us,

6.1.6.2 you are given the opportunity to opt-out of being contacted by us at the time your personal
information was originally collected by us and at the time of our subsequent communications with
you, and

6.1.6.3 you have not opted out of us contacting you.

6.1.7 To allow us to contact you in any way (including mail, email, telephone, visit, text or
multimedia messages) about products and services offered by us and selected partners where you
have expressly consented to us doing so.

6.1.8 To keep you up to date with our member benefit scheme under which, as part of your
membership benefits, we will give you membership information and details of discounts and offers
we negotiate from time to time on behalf of our members. we will only do this if you have told us that
you would like this benefit.

6.1.9 We may monitor and record communications with you (including phone conversations and
emails) for quality assurance and compliance.

6.1.9.1 Before doing that, we will always tell you of our intentions and of the specific purpose in
making the recording. Sometimes such recordings will be necessary to comply with the law.
Alternatively, sometimes the recording will be necessary for our legitimate interest, but in that case
we’ll only record the call if our interest outweighs yours. This will depend on all the circumstances,
in particular, the importance of the information and whether we can obtain the information another
way that’s less intrusive.

6.1.9.2 If we think the recording would be useful for us but that it’s not necessary we’ll ask whether
you consent to the recording, and will provide an option for you to tell us that you consent. In those
situations, if you don’t consent, the call will either automatically end or will not be recorded.

6.1.10 When it’s required by law, we’ll check your details with fraud prevention agencies. If you
provide false or inaccurate information and we suspect fraud, we intend to record this.

6.2 We will not disclose your personal information to any third party except under this Notice, and
in particular in these circumstances:

6.2.1 They will be processing the data on our behalf as a data processor (where we’ll be the data
controller). In that situation, we’ll always have a contract with the data processor as set out in the
GDPR. This contract provides significant restrictions as to how the data processor operates so that
you can be confident your data is protected to the same degree as provided in this Notice.

6.2.2 Sometimes, it might be necessary to share data with another data controller. Before doing that
we’ll always tell you. Note that if we receive information about you from a third party, then as soon
as reasonably practicable afterwards, we’ll let you know; that’s required by the GDPR.

6.2.3 Alternatively, sometimes we might consider it to be in your interest to send your information
to a third party. If that’s the case, we’ll always ask whether you agree before sending.

6.3 Where you give us personal information on behalf of someone else, you confirm that you have
provided them with the information set out in this Notice and that they have not objected to such use
of their personal information.

6.4 In connection with any transaction which we enter into with you:

6.4.1 We may carry out one or more credit checks where you have given us your express consent.

6.4.2 We may carry out one or more fraud prevention checks with licensed fraud prevention
agencies.

6.4.3 We and they may keep a record of the search. Information held about you by these agencies
may be linked to records relating to other people living at the same address with whom you are
financially linked. These records may also be taken into account in credit and fraud prevention
checks. Information from your account’s application and payment details will be recorded with one
or more of these agencies. It may be shared with other organisations to help make credit and
insurance decisions about your household members with whom you are financially linked and for
debt collection and fraud prevention. This includes those who have moved house and who have
missed payments.

6.4.4 If you provide false or inaccurate information to us and we suspect fraud, we will record this
and may share it with other people and organisations. We and other credit and insurance
organisations, may also use technology to detect and prevent fraud.

6.4.5 If you need details of those credit agencies and fraud prevention agencies from which we
obtain and with which we record information about you, please write to our Data Protection Officer
as detailed in clause 1.3.

6.4.6 We may need to transmit the payment and delivery information provided by you during the
order process to obtain authorisation from your bank or from PayPal.

6.5 We may allow other people and organisations to use personal information we hold about you in
the following circumstances:

6.5.1 If we, or substantially all of our assets, are acquired or are in the process of being acquired by
a third party, in which case personal information held by us about our customers, will be one of the
transferred assets.

6.5.2 If we have been legitimately asked to provide information for legal or regulatory purposes or
as part of legal proceedings or prospective legal proceedings.

6.5.3 We may employ companies and individuals to perform functions on our behalf, and we may
disclose your personal information to these parties for the purposes set out above, for example, for
fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information
from customer lists, analysing data, providing marketing assistance, providing search results and
links (including paid listings and links), processing credit and debit card payments and providing
customer service. Strict contractual provisions will bind those parties with us and will only have
access to personal information needed to perform their functions, and they may not use it for any
other purpose. Further, they must process the personal information under this Notice and as
permitted by the GDPR. From time to time, these other people and organisations to whom we may
pass your personal information may be outside the European Economic Area. we will take all steps
reasonably necessary to ensure that your personal information is treated securely and per this
Notice and the GDPR.

7. Protecting information

7.1 We have strict security measures to protect personal information.

7.2 We work to protect the security of your information during transmission by using Secure
Sockets Layer (SSL) software to encrypt the information you input.

7.3 We reveal only the last five digits of your credit card numbers when confirming an order. Of
course, x we transmit the entire credit card number to the appropriate credit card company during
order processing.

7.4 We maintain physical, electronic and procedural safeguards in connection with the collection,
storage and disclosure of personally identifiable customer information. our security procedures
mean that we may occasionally request proof of identity before we disclose personal information to
you.

7.5 You need to protect against unauthorised access to your password and to your computer. Be
sure to sign off when you finish using a shared computer.

7.6 The lawful basis of collecting this information is It’s necessary so you can fulfil a contract with
the individual.

8. The internet

8.1 If you communicate with us using the Internet, we may occasionally email you about our services
and products. When you first give us personal information through the website, we will normally
give you the opportunity to say whether you would prefer that we don’t contact you by email. You
can also always send us an email (at the address set out below) at any time if you change your mind.

8.2 Please remember that communications over the internet, such as emails and webmails
(messages sent through a website), are not secure unless encrypted. Your communications may go
through several countries before they are delivered – this is the nature of the internet. We cannot
accept responsibility for any unauthorized access or loss of personal information that is beyond our
control. We exclude all liability for loss that you may incur when interacting with this third-party advertising or using these third-party websites unless you’ve consented in accordance with this privacy notice.

9. Cookies and other internet tracking technology

9.1 When we provide services, we want to make them easy, useful and reliable. This sometimes
involves placing small amounts of information on your computer, which is sent back to us at a later
time. These are called ‘cookies’. These cookies are listed in the table in clause 9.5. Some websites
don’t use cookies but use related technology for gaining information about website users, such as
JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to
measure the effectiveness of their ads and to personalise advertising content. Multiple cookies may
be found in a single file, depending on which browser you use.

9.2 Where applicable, this section of the Notice also relates to that technology, but the term ‘cookie’
is used throughout.

9.3 Some of these cookies are essential to the services you’ve requested from us, whereas others are
used to improve services for you, for example through:

9.3.1 Letting you navigate between pages efficiently

9.3.2 Enabling a service to recognise your computer, so you don’t have to give the same information
during one task

9.3.3 Recognising that you have already given a username and password, so you don’t need to enter
it for every web page requested

9.3.4 measuring how many people are using services, so they can be made easier to use and that
there is enough capacity to ensure they are fast

9.4 To learn more about cookies, you may wish to visit: www.allaboutcookies.org,
www.youronlinechoices.eu or www.google.com/policies/technologies/cookies/

9.5 This website uses Cookies. You can found all used cookies in ant online Cookies checker or email us to sent you a report.

9.6 Categories of Cookies can be found in the ICO UK Cookie guide.

9.7 As with any other information we may collect from you, we’ll work to protect the security of your
information during transmission by using Secure Sockets Layer (SSL) software to encrypt the
information you input.

9.8 The Website may include third-party advertising and links to third-party websites. we do not
provide any personally identifiable customer personal information to these third-party advertisers or
third-party websites except where you’ve consented under this privacy notice, however as to
cookies, please see above clause Cookies and other internet tracking technology.

10. Further information

10.1 If you would like any more information or any comments about this Notice, please write to our
Data Protection Officer (DPO) as detailed in clause 1.3 .

10.2 Please note that we may have to amend this Notice on occasion, for example, if we change the
cookies that we use. If we do that, we will publish the amended version on the website. In that
situation, we will endeavour to alert you to the change, but it’s also your responsibility to check
regularly to determine whether this Notice has changed.

10.3 You can ask us for a copy of this Notice by writing to the above address or by emailing us at
[email protected] This Notice applies to the personal information we hold about individuals. It does
not apply to information we hold about companies and other organisations.

10.4 If you would like access to the personal information that we hold about you, you can do this by
emailing us at [email protected] or writing to us at the address noted above. There is not normally a
fee for such a request, however, if the request is unfounded, repetitive or excessive we may request
a fee or refuse to comply with your request. You can also ask us to send the personal information we
hold about you to another controller.

10.5 We aim to keep the personal information we hold about you accurate and up to date. If you tell
us that we’re holding any inaccurate or incomplete personal information about you, we will promptly
amend, complete or delete it accordingly. Please email us at [email protected] or write to us at the
address above to update your personal information. You have the right to complain to the
Information Commissioner’s Office if we don’t do this.

10.6 You can ask us to delete the personal information that we hold about you if we relied on your
consent in holding that information or if it’s no longer necessary. You can also restrict or object to
our processing of your personal information in certain circumstances. You can do this by emailing us
at [email protected] or writing to us at the address noted above.

10.7 We will tell you if there is a breach, or a likely breach, of your data protection rights.

‘Just-in-time’ notices

Privacy notice about necessary information

We have asked for personal information from you. This information is necessary for one of the
reasons specified in the General Data Protection Regulation.
For more information, please read our full privacy notice at elcampo.gr/privacy.
If you have any concerns, please contact our Data Protection Officer (DPO)by phone on
+6994210952 or by mail at [email protected]