As a responsible business, P/COC recognizes the need to comply with the European Union General Data Protection Regulation (GDPR) and ensure that effective technical and operational measures will be in place to protect the personal data of our customers, employees and other stakeholders and carry out any processing of those in a fair, transparent and lawful way.
Commitment to the delivery of Personal Data Protection extends to senior level and will be demonstrated through the provision of appropriate resources to establish and develop effective technical and organizational measures to ensure appropriate security for personal data. We share a top-down approach, outlining the planning and executing phases to structure the approach to a compliance strategy; we define the key considerations for each of the phases, including objectives, participants, inputs, tasks, and deliverables.
Top management will ensure at all times that a systematic review of the performance of the program is conducted on a regular basis, addressing whether objectives were met as well as any areas of concern that may require corrective actions.
Risk management will take place at several levels within the organization, including:
•Assessment of risks to the achievement of our personal data protection objectives
•Regular personal data protection risk assessment within specific operational areas
•Assessment of risk as part of the business change management process
GDPR is approached as just an additional framework for improving the quality and quantity of the data by also avoiding potential duplications.
What we need
P/COC is the ‘Controller’ of the personal data you are about to provide to us. We only collect basic personal data about you, which do not include any sensitive information. If you decide to contact us through our website, then you will be asked to submit the limited personal data which is necessary for us to provide you the product/s you have ordered, handle your query or contact you for providing more information about our products. This is completely voluntary. The information we collect about you depends on the form you fill in. It includes (but isn’t limited to) the following: your name, email address, IP address, location data, and information regarding what pages are accessed and when. For billing purposes, we won’t be able to delete or anonymize the data you provide to us for the payment and shipping of your product/s.
Why we need it
We need to know your limited personal data in order to provide you with newsletters about products and services offerings as well as other relevant, material. We do not collect any sensitive personal data we do not need, other than what is absolutely necessary for serving your request. If any form which collects your personal data allows you to voluntarily provide additional information, we seek this information because we think it will help us to give you a better quality service. You do not have to provide such information if you do not wish to do so.
We also collect personal data from cookies, which we explain here.
What we do with it
All the personal data collected is processed by P/COC’s personnel in Greece. However, for the purposes of IT hosting and maintenance, this information is located on servers within the European Union. We need your data to be able to complete the action (order shipping) you have requested. Morover, we collect your emails and transfer them to MailChimp (read its GDPR policy here). You will have to declare whether or not you want to send you informative newsletters about our products as soon as you provide us your emails. Moreover, we collect your data through Google Analytics (read its GDPR policy here) in order to understand what you are searching on our website and provide you relevant information in the future. We also want to provide you with relevant ads in the future. Finally, we collect your data through Facebook Pixel (read it GDPR policy here) in order to provide you with relevant information in the future.
How long we keep it
For tax reasons and possible tax audits we must keep your data in our database and invoice details for 10 years. Moreover, we will keep your personal data for 2 years (for marketing purposes) in order to provide you with product and services updates. On completion of the 2 years’ period, we will seek your consent again for continuing to deliver information about our products and services to you. If you choose to unsubscribe from a service, we may keep a ‘suppression list’ containing your details so we know you have unsubscribed.
What we would also like to do with it
We would, however, like to use your name and email address to inform you of our future offers and products. This information is not shared with third parties and you can unsubscribe at any time via phone, email or our website. You can indicate when filling a form if you would like or not sign up to.
☐ Yes, I consent to receive communications (which may include, phone, email, social, and re-targeting ads) from P/COC.
You can subscribe and select your preferences via the following link: http://eepurl.com/cpQoEH
For additional information about personal data intake, storage, usage, maintenance, and disposal, please contact us at firstname.lastname@example.org.
What are your rights?
We reserve the right to modify this Policy at any time. If at any point you believe the information we possess on you is incorrect or you would like to request to review it, please contact us and we’d gladly have it corrected or deleted for you. You have the right to access your personal data and ask for it to be rectified or deleted at any later time. If you wish to raise a complaint about how we have handled your personal data, you can contact our team who will investigate the matter and comply with your request, at email@example.com.
Last Updated: May 2018