Privacy Policy
Each person visiting the website www.NEIROMAI.com (user) can navigate its webpages and make use of its services and content either as visitor or as registered user and processing of their personal data resulting of such access is subject to the present policy. Any user who wishes to make an online purchase from www.NEIROMAI.com may also choose two (2) ways to complete it: either as a visitor (guest) or as a registered user.
1 Lawfulness and Purpose of Processing, Transparency, and Data Accuracy
The company under the name NEIROMAI. with registered address at NOTARA 47 KORYDALLOS 18122 GREECE, hereinafter referred to as “NEIROMAI.”, is the controller of the personal data of any given visitor/registered user on the website www.NEIROMAI.com and controls the processing of its data. NEIROMAI. informs the users of its website on the following:
1.a For the processing of the personal data related to the navigation of the content and performance of online purchases on the website www.NEIROMAI.com, NEIROMAI. relies on the following legal bases:
- Performance of a contract (Article 6, paragraph 1, letter (b) of the GDPR): In order to achieve the purpose of the performance of the distance sales contract and, in particular, to enable the user to complete its orders in NEIROMAI.com, it is necessary to process the personal data provided by the user in the order form when placing his/her order and to record and track the user’s transactions. The purpose of this necessary data processing is the completion of each order, the communication concerning the order processing steps, the provision of any clarifications related to the order and generally the analysis and information for the purchases the user has made in order to fulfill NEIROMAI. contractual obligations (including taking actions related to the commercial guarantee provided by NEIROMAI.), the delivery of the order to the selected address, the identification and verification of the user, where necessary, deliveries to the user related to the performance of an order/request, and the notification on the existing product stock, as well as other purposes related to the orders via the online shop, as described in the General Terms and Conditions of the Website and Online Shop of NEIROMAI. (e.g. for the purposes of products return etc.)
- Legitimate interests (Article 6, paragraph 1, letter (f) of the GDPR): Some processing of the personal data is required for the improvement of the services provided by NEIROMAI,the evaluation of our products and services, the detection of fraud attempt or misuse and any collaboration with judicial and regulatory authorities. In case you contact us with a question related to our products and services before making a purchase or receiving a service, we will need some of your data to be able to answer you, as it is in our legal interest to facilitate the consumers when making their purchases so that they can have a great shopping experience from our stores. Also, data processing is necessary for the regular communication with the visitor and/or the registered user via telephone, mail, email, mobile phone message (SMS) or any other appropriate means of communication using the user’s contact information, which has been lawfully obtained, during the use of com, in relation to the products and services offered by NEIROMAI. within the context of their transactional relationship, according to ePrivacy Directive and for as long as the user does not object to such communication. Finally, NEIROMAI. considers that its legitimate interests include the presentation and promotion of the company and its stores, as well as its products and services on social media and other Information Society Services, also allowing other users of these networks to participate in promotions as well as to declare that they like ("like") our page and to post comments about our products/services.
- For compliance with NEIROMAI. legal obligations (Article 6, paragraph 1, letter (c) of the GDPR): such could be, for example, obligations under tax legislation, accounting legislation, etc. The purposes of processing in those cases are the compliance with the respective legal obligation by NEIROMAI. under the applicable legislation.
2 Processing and categories of personal data. Rights of the visitors/registered users
a) Processing of Personal Data: For online purchases, NEIROMAI. will process the user's personal data completed by him/her during the creation of his account and/or in his order registration form, in order to complete his/her specific order through our online store. Each user of the online store www.NEIROMAI.com may choose 2 ways to complete an online purchase order and to enter his/her personal data:
- As a visitor: In this case the visitor’s collected personal data will be retained in a form allowing identification by NEIROMAI. for forty (40) days from the delivery or completion/cancellation of the specific order and the data processing will concern only the performance of the distance sales contract and other purposes of processing stated in this Privacy Policy (after that 40-day period the data will be anonymized). Certain data, however, proving the conclusion and fulfillment of the transaction and/or other data related to the transaction, as well as proof for the notification for the processing of the personal data, shall be retained in a form allowing identification after the expiry of that period (under the previous sentence) for compliance with legal obligations of NEIROMAI. (e.g. for tax purposes) and/or for the establishment, exercise and/or defence of legal claims. Also, even after the 40-day period, the visitor’s contact data will be retained and used by NEIROMAI. for marketing purposes, unless the user has stated that he does not wish such communication.
- As a registered user of the e-shop: In this case the user has created a user account in our e-shop and his/her personal data will be retained in a form allowing identification by NEIROMAI. until the user requests the deletion of his/her account (after he/she makes such a request his/her data will be anonymized). Certain data, however, proving the conclusion and/or fulfillment of the transactions and other data related to the transactions, as well as proof for the notification for the processing of the personal data, shall be retained in a form allowing identification for compliance with legal obligations of NEIROMAI. (e.g. for tax purposes) and/or for the establishment, exercise and/or defence of legal claims. Also, even after the registered user requests the deletion of his/her account, its contact data will be retained and used by NEIROMAI. for marketing purposes, unless he/she has stated that he/she does not wish such communication.The registered user can, at any time, change or rectify his/her data by logging into his/her account in NEIROMAI.com(login) with his/her username and password.
ΘΑ ΜΠΟΡΕΙ ΝΑ ΚΑΝΕΙ REGISTER? ΔΕΝ ΤΟ ΕΧΟΥΜΕ ΞΕΚΑΘΑΡΙΣΕΙ ΑΥΤΟ
-
b) Personal Data Category
In particular, the personal data each user must provide (regardless of whether it places an online order as a visitor or a registered user) in order to carry out any transaction through the NEIROMAI. e-shop (NEIROMAI.com) and to place orders of its products/services are the following:
- the user’s first and family name
- the shipping address for the products/services ordered
- the billing address (in case it is different from the shipping address)
- invoicing information (in case an invoice has been requested)
- contact telephone number
- the user’s e-mail address.
- The user’s country
In addition to the above, NEIROMAI. also collects and stores the following personal data for the registered users:
- order history
- frequency of visits
- products/services in the cart or wish list
- participation in promotions.
In the event that products/services are requested to be delivered to a third party other than the visitor or the registered user, the latter acknowledges that he/she is fully responsible to notify and to obtain proper consent from the designated recipient, for the communication of the recipient’s personal data to NEIROMAI. for the sole purpose of delivering the relevant products/services, and assumes full responsibility for any claims made by that person (recipient) against NEIROMAI..
The credit/debit card details used by the visitor or the registered user are not retained by NEIROMAI. during the transaction but are entered directly in the secure environment of the partner company (ViVa) that has undertaken the credit/debit card billing and processing.
The visitor and the registered user are also informed that, as far as the communication with them by NEIROMAI. is concerned, NEIROMAI. processes the contact information that the user has provided in accordance with the applicable legislation.
-
Data recipients: For each of the processing purposes user data may be transferred to the following parties:
- The respective employees of NEIROMAI.
- The tax, etc. authorities in case of a relevant audit and/or other authorities as provided by law
- External partners providing NEIROMAI. with internet services, storage and management of online orders, courier services or group delivery of products.
For all data collecting and processing procedures, NEIROMAI. requires by its employees, processors and agents to fully comply with the provisions of the EU General Data Protection Regulation 2016/679 (GDPR) as well as with the applicable national laws in force in relation to personal data protection and they are bound by contractually agreed compliance obligations. NEIROMAI. requires its employees, website providers, as well as its third-party partners to take all necessary technical and organizational measures (including appropriate policies and procedures to prevent the disclosure of the personal data of its visitors/registered users and to have adopted and implemented procedures for the personal data management and processing in a manner that is lawful and ensures protection in accordance with the GDPR).
d) Data subject rights:
Any visitor or registered user, as a data subject, may exercise his/her rights at any time, as provided for in the General Data Protection Regulation 679/2016 EU, and in particular Articles 12 to 23 thereof and the national legislation; more specifically:
- the right to receive information and obtain access to and/or to receive copy of the data processed by NEIROMAI.: the data subject has the right to receive confirmation if personal data related to him/her are being processed and, if so, to receive access to the data and information related to them, as well as a copy of this data.
- the right to restrict the processing of his/her data: the data subject may require from NEIROMAI. the restriction of processing of personal data concerning him/her.
- the right to rectify/complete or erase some or all (the right to erasure all data is also called “right to be forgotten”) of his/her personal data: the data subject may require from us the rectification of inaccurate personal data concerning him/her, the completion of incomplete personal data concerning him/her (taking into account the purposes of the processing), as well as the erasure of personal data concerning him/her.
- the right to object, that is to oppose the processing of his personal data: the data subject has the right, at any time and on grounds relating to his/her particular situation, to object to the processing of personal data that is based on legitimate interest.
NEIROMAI will take the actions requested by the data subject (by exercising any of the above-mentioned rights) only where the conditions regarding the respective right under the General Data Protection Regulation 679/2016 EU are met.
The aforementioned rights may be exercised as follows:
To exercise the right to access, to erase (in part or in its entirety) or to rectify/complete their personal data, NEIROMAI. provides the opportunity to registered users of the www.NEIROMAI.com website to view, rectify/complete their personal data through their personal account on the www.NEIROMAI.com website, using the menu option “My Account” or to request access, partial or total erasure or rectification/completion of their data via email to hello@neiromai.com .Users of www.NEIROMAI.com who place orders as visitors can exercise the above rights by sending an e-mail to hello@neiromai.com
NEIROMAI. shall take any reasonable and technically feasible steps to satisfy the data subject’s request within one (1) month as of the date of the valid submission of such request. In such a case, the data subject is notified that there is a minimum of its data that is necessary to be retained by NEIROMAI., in order to safeguard its legitimate interests. It is also noted that in order to submit a valid request, proper identification of the user is required so as to ensure that the person submitting a data subject’s request is the actual data subject of the specific relevant data.
The account deletion of the registered user of www.NEIROMAI.com may be performed via email request to the e-mail address: hello@neiromai.com
-
e) Data retention period:The personal data of the user who places an order as a visitor will be anonymized NEIROMAI. after forty (40) days from the completion or cancellation of the specific order. The data of the registered user shall be retained and processed by NEIROMAI. until the registered user requests the deletion of his/her account. Nevertheless, some required personal data relating to the transactions of the registered user/visitor with NEIROMAI. as well as proof for the notification for the processing of his/her data may be retained as information about the visitor or the registered user as a means of proving the lawful processing of such data by NEIROMAI. and/or for ensuring the legal claims of the parties and/or for the compliance with legal obligations, e.g. for tax purposes.
Your data and comments collected by NEIROMAI. when you communicate with the company either by using the online contact form at www.NEIROMAI.com , are retained by the company Customer Service Department for 2 years starting from the date of your contact and then anonymized for statistical purposes.
-
g)Transparency Obligation: For any information regarding user data as well as its processing and protection, any data subject may address the Data Protection Officer of NEIROMAI. (DPO) at hello@neiromai.com
Right to lodge a complaint:
The user is hereby informed that he/she has the right to file a complaint before the competent supervisory authority (Data Protection Authority, www.dpa.gr, Kifisias 1-3, P.C. 115 23, Athens)
-
h) Technical and Organizational Measures: , its processors and agents are contractually bind to implement the appropriate technical and organizational measures to protect, as best as possible, the personal data against accidental or unlawful destruction or loss, alteration, unlawful disclosure or access and, generally, to ensure its lawful processing (including remote data access) as well as to secure the possibility of restoring data availability and access. These measures are intended to establish a level of security that responds to the risks presented by the data processing in question, taking into account the nature and criticality of the data, the technological developments, the cost of implementation and the nature, scope, context and purposes of each particular processing, by implementing procedures for the regular testing, assessment and evaluation of the effectiveness of those techniques and organizational measures. In any case, NEIROMAI., its processors and its agents/collaborators commit to maintaining the confidentiality of the personal data and to not disclose or allow access to the personal data to any third party without prior notification of the data subject except when such access is expressly provided for by law.
i) Social Plug-ins, Buttons Facebook, Instagram, Twitter, Youtube, Pinterest etc.: You can use them if you want. These buttons link to third-party websites that collect and process personal data in accordance with their own policies. We are not responsible for the content of or data processing performed by these websites, and it is your responsibility to be informed about their own privacy policies. We have set these additions to make our Website more functional for its visitors, as well as to advertise our activity and services if you voluntarily share our content on the respective websites. We consider it as our legitimate interest to appear on these social networks and to try to promote our products and services. We rely on our legitimate interests to establish a presence on electronic social networks and to attempt to promote our products and services. If you express your preference on our webpage (e.g. you "like" our page) or followed us ("follow") on an online social networking service, this means, according to the practices of the respective social networks, that you will see messages, advertisements or material posted by us on our respective social media page and that we will obtain information of your public profile in the same social media. If you submit a question through the corresponding page or make a post, it will be visible to all "friends" and "followers" of our page on that specific social network and we can use the features provided by the same network to respond to you. You should not post on our social media pages or send us messages with offensive or illegal content and you should not share with us personal data of third parties unless you have obtained these parties’ valid consent. You should also not post on our social media pages or use these means of communication to send us any sensitive (special category) data or data of minors, because we cannot ensure the security and limitation of access to these data. Any post or personal/direct message that does not comply with these limitations will be deleted and the user's details may be given to the competent authorities if the post or the message also constitutes an illegal act.
-
j) Links to third party websites,plug-ins and applications:The website NEIROMAI.com may include links to websites, plug-ins and applications of third parties. Clicking on these links or activating these links may allow third parties to collect or share data about the user NEIROMAI. does not control these third-party websites and is not responsible for their privacy statements and the processing of personal data performed by them. In case the user leaves website NEIROMAI.com, NEIROMAI. recommends him/her to read the privacy statement on any website he/she visits. Putting these references on the website www.NEIROMAI.com is based on NEIROMAI. legitimate interest for improving its services and developing its activity.
-
Security
The SSL protocol (Secure Sockets Layer) is currently the global standard on the internet for website certification to web users and for the encryption of data between network users and web servers. An encrypted SSL communication requires all information sent between a user and a server to be encrypted by the sending software and decrypted by the accepting software, thus protecting personal information during transfer. In addition, all information transmitted with SSL is protected by a mechanism that automatically determines whether the data has been changed during transmission.
In addition, the password you set when you register to www.NEIROMAI.com constitutes personal security. To allow access to your online account and your personal information available, you must first enter the username and password. For this reason, you must keep this information secure, so it does not fall into the hands of unauthorized third parties. We also advise you to create a password using symbols in combination with alphanumeric characters. Finally, please remember that credit/debit card information is not stored in the company's database during the transaction but entered directly in the secure environment of our partner company (ViVa) that handles the credit/debit card transactions to which you are redirected to complete the purchase.
NEIROMAI. shall not use the users’ personal data for any purpose other than those stated in these this Privacy Policy without prior notification, and, where necessary, explicit consent by the data subject.
NEIROMAI. may change the present Privacy Policy at any time. You should check it regularly for any changes.
Important note: In July 2020 the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield Framework, the mechanism through which companies could transfer personal information or data to the United States in compliance with the General Data Protection Regulation (GDPR). Until this decision from the CJEU, data transfers within Google Analytics were based on this Framework. After the decision, data transfers are based on Standard Contractual Clauses provided by Google (article 46 GDPR) and, auxiliary, on your explicit consent, according to the terms set by article 49.1a GDPR, in the absence of an adequacy decision. Data subjects should be aware that their data may be used for profiling by Google and be transferred to the US and a competent public or security authority may be granted access to them, according to the USA security framework.