Privacy Policy
PERSONAL DATA PROTECTION AND PRIVACY POLICY
The private company under the corporate name “ASTHENIS PRIVATE COMPANY”, under the distinctive name ‘’ASΘENIS’’, owner of the website www.asthenis.gr hereinafter ‘’asthenis’’, informs you that the processing of your personal data is performed in accordance with the data protection law in force (Regulation (EU) 2016/679 – hereinafter GDPR) and the present Personal Data Protection and Privacy Policy of the website and declares that it is its aim to comply with the principles that govern the data protection regarding their processing and is committed to respect the civil rights and privacy of its customers.
- Data Processing Controller
The private company under the name “ASTHENIS PRIVATE COMPANY” is the Data Processing Controller (hereinafter the “Controller”).
You may communicate with the Controller at the following email address info@asthenis.gr.
- Definitions
Data Subject: any natural person whose personal data is processed by us or on our behalf.
Personal Data: any information relating to an identified or identifiable natural person, which pertains to the physical, physiological, psychological, emotional or financial status, the cultural or social identity of said natural person.
Processing: processing of personal data (“processing”), is any operation or set of operations which is performed on personal data such as, indicatively, the collection, record-keeping, storage, alteration, analysis, use, association, restriction, erasure or destruction.
Transmission: the access to personal data, for example by allowing access, transmission, or publication.
Controller: the person who determines the purpose, the content, and the procedure of the processing of personal data.
Processor: the natural or legal person who processes personal data according to the controller’s instructions.
- The Data that we process
With your consent, we process the following personal data that you provide when you interact with the website and use the services and functions it offers. ASTHENIS does not collect or request the provision of personal data of minors as we do not provide our services to minors.
The personal data we collect are categorized into the data of ordinary visitors and the data of the users of the website, as follows:
- a) ORDINARY VISITORS:
– Personal data collected during your navigation on the website:
During your navigation in ASTHENIS, your data are collected based on the use of the website (“usage data”) for the purpose of analysis, monitoring, and improvement of ASTHENIS and the services it provides. Usage data may include the IP address, the geographic location, the type and version of the navigation tool, the operational system, the source of reference (which page you have reached the website from), the duration of the visit, the page views and the navigation routes of the website, as well as information related to the time, frequency, and way of using the website and its services by you.
The aforementioned personal data of the website visitors are limited to the information needed for the smooth operation, security, support of the website and the provision of certain services to its users, as well as the improvement of this website and its services, in accordance with the existing legislation on personal data.
– Communication form:
The visitors of the website who wish to contact us, may fill in the relevant form by clicking on the relevant link “Contact”, providing us with personal data that may include the following: name, email, phone, as well as any personal data that may be included in the field “comment” of the communication form.
The aforementioned personal data shall be solely used for the purpose of our communication with you.
– Newsletter:
The visitors of the website who wish so, may ask to receive our Newsletter by filling their email in the field “subscribe here”. Their email shall be solely used for this purpose. In case they do not wish to keep on receiving our Newsletter, they may ask to be exempted from receiving it by clicking on the link provided for this purpose each time they receive a Newsletter. Should you opt to be deleted from a service or communication, we will try to erase your data as soon as possible; nevertheless, certain time and/or information may be required, prior to processing your request.
- b) USERS OF THE E-SHOP AND THE WEBSITE SERVICES:
While using the website, personal data are collected and processed when someone places an order or answers the questionnaire to receive advisory information either (i) as “visitor”, namely without having “registered” or (ii) after having “registered” in the website.
In particular, when one either places an order as visitor or after registering in the e-shop, various data are collected, which also include personal data which, according to the displayed relevant form, include the following: Name, Surname, Email, Address, Country, City, Postal Code, Municipality, Phone, TIN, Tax office.
The aforementioned personal data of the users of ASTHENIS are collected and processed for the confirmation of the agreement and the placement of orders, e.g. the communication with the visitor/subscriber with regard to the stage of the order and the provision of information about purchases that have taken place, the delivery of the order on the desired premises, the identification of the visitor/registered user/third party in every case this is deemed necessary, as well as their update about the existing stock in the e-shop.
In case the visitor/subscriber asks for the goods to be delivered to a third party, then the visitor/subscriber is liable to inform and obtain the consent of the third party, who is defined as recipient of the relevant products, to communicate their personal data to the e-shop for the purpose of delivery and bears full responsibility for any claims of the third party against the e-shop.
At the end of the user’s transaction with our website, the user is asked a question regarding the source of the information about our products, which the user answers optionally, without affecting their transaction with us. In case the user enters the website via a QR code, which has been provided by a doctor collaborating with our company, the user answers, if he wishes, a relevant question submitted by us about the identity of the doctor who informed him of our company.
– Payments data:
In order to complete the purchase, the user is asked to make the payment and then he/she is transferred, depending on their preference, to a safe environment and in particular (a) to ALPHA BANK’s Automated Payment System for crediting their customer’s credit/debit cards or (b) to the safe environment of PayPal, where they enter the required data. Τhe e-shop ASTHENIS shall, by no means, store the payments data (cards data etc.). All transactions taking place through ASTHENIS are made by using SSL certificate and are therefore encrypted, providing the highest possible security level against interception of personal data.
If you choose to save your credit/debit card details, you explicitly allow us to use the mentioned data as necessary for the activation and development of this function. The card CVV code is only used for purchases in progress and is not saved or subsequently processed as part of your card details. Your consent to the activation of this feature ensures that your data is automatically filled in on subsequent purchases, so you will not need to enter it every time you make a purchase.
– Newsletter:
Upon registering in the website, the user who wishes so may ask to receive our Newsletter as well as our promotion actions, by selecting the relevant box created for this purpose. In such case, the user’s email shall be used solely for this purpose. The registered user of our website may, if they changes their mind in the future, ask to be exempted from receiving our Newsletter and promotion actions, by using the relevant choice provided. Should you opt to be deleted from a service or communication, we will try to erase your data as soon as possible; nevertheless, certain time and/or information may be required prior to processing your request.
In order to satisfy the requests that you submit via the communication form or/ and to offer you updates, in general or regarding undesirable actions, it is necessary to consent to the processing of your data. Without said mandatory data or your consent we are unable to proceed further.
In any event, even without your prior consent, the Controller may process your data, in order to comply with her obligations under law, regulations and the EU legislation, to exercise their own lawful interests and, in any occasion, pursuant to articles 6 and 9 of the GDPR, as the case may be.
The processing is performed by means of computers as well as hard copies and always entails the implementation of security measures in accordance to the legislation in force.
- Why and how we process your data
The data is processed for the following purposes:
– to handle the requests that you submit via the “Communication Form”. The legal basis for the data processing for this purpose is your consent (article 6 par. 1 a) and article 9 par.2 a) of the GDPR).
– to execute your orders in our e-shop. The legal basis for the data processing for this purpose is the performance of the contract (article 6 par. 1 (b) and article 9 par.2 (a) of the GDPR);
– to handle the reports for undesirable actions that are submitted via the website or the forms. The legal basis for the data processing for these purposes is your consent (article 6 par. 1 a) and article 9 par.2 a) of the GDPR) as well as any public interest (article 9 par.2 (i) of the GDPR) and legal obligation
Also, but only upon your optional consent which is the legal basis for the data processing pursuant to article 6 par. 1 a) of the GDPR:
– in order to receive advertising material (direct marketing) from us – newsletters.
– for marketing purposes when you provide the name of the partner doctor who informed you about our services.
With regard to the email updates, you may remove yourself from the relevant list of recipients at any time, by following the instructions contained in every communication. Should you opt to be deleted from a service or communication, we will try to erase your data as soon as possible; nevertheless, certain time and/or information may be required prior to processing your request.
By choosing the appropriate fields in the communication form you provide your consent to the processing of your data for these purposes.
In any case, your data may be subject to process, even without your consent, in order to comply with laws, regulations and the EU legislation (article 6 par. 1 (c) of the GDPR) in order to receive statistical data pertaining to the Website’s use and its proper operation (article 6 par. 1 (f) of the GDPR).
The personal data is entered in our information system in full compliance with the data protection legislation, and their processing is based on the principles of proper practice, legitimacy, and transparency.
Data are stored for as long as it is necessary to accomplish the purposes for which the personal data are processed. In any event, the criteria to determine said period is based on complying with the time limits provided by law and the principles of data minimisation, storage limitation, and rational processing of the records.
All data shall be subject to processing in hard copies or via automated means, by ensuring in any case the appropriate level of security and confidentiality.
- Automatically collected Information and Cookies
Certain type of information is collected automatically, every time you enter our website, as well as through certain emails that we exchange. The automated technologies we use may include, for example, web servers / IP addresses (web server log) and cookies.
Web data servers / IP addresses
The IP address is a number given to your computer each time you connect to the internet. All computers on the internet are identified by their IP addresses, which allow computers and servers to recognize each other and communicate with each other.
Cookies policy
Cookies are information transferred from a web server to your browser and stored on the hard drive of your computer. Cookies do not harm your computer system and do not affect its functionality. Cookies also make browsing the web easier for you. The website uses cookies to provide specialized services and content that interests you.
Cookies help analyzing whether the website is frequently visited or let us know when you are visiting a specific website. Additionally, they allow us, inter alia, to store your preferences and settings, they allow you to connect with our services, contribute to eliminating fraud and analyze the performance of the website and its electronic services.
We use cookies to collect information, solely for the purposes described in this Policy.
What are cookies : Cookies are pieces of information, in the form of very small alphanumeric text, that are saved on your computer with your permission, helping our website to function more efficiently. Cookies in no way cause damage to users’ computers or to the files stored on them.
The following cookies do not contain personally identifiable information. Only if you submit personally identifiable information, such as a sign-up application or email, automated media will be used to provide further information about your use of the websites and/or interactive emails with the goal of improving their usefulness to you.
Strictly necessary cookies
Strictly necessary cookies are essential to the efficient operation of the website, allowing you to browse and use its features, such as access to secure sites, registration forms, favorites, use of the shopping cart and for security reasons. These cookies do not recognize your identity. Without these cookies, we cannot offer an efficient operation of our site.
Cookies Functional & Statistical Analysis
These cookies are essential for the proper function of the website (e-shop), as they allow you to browse and use its features. They are also used to improve website performance and allow us to collect information regarding how you use our website, including the content you select while browsing, in order to measure the effectiveness and interaction of consumers with the website, as well as improving our page over time.
Cookies advertising
These cookies are used to provide content that best suits your interests. It can be used to send targeted ad / bidding, limit ad serving or measure the effectiveness of an ad campaign.
Opt-out : most web browsers accept and collect cookies automatically. However, you can set your web browser to accept all cookies, reject all cookies or notify you when a cookie is set. Depending on the security settings of your web browser, you may be able to reject all cookies. If you reject all cookies, you may not be able to use the website.
To manage and disable cookies, follow the relevant instructions per browser:
The website www.allaboutcookies.org provides instructions on how to manage cookies using different types of browsers.
Your prior consent is required for the use of cookies. The only exception to this rule are cookies that serve the functional needs of the website (functional cookies) which are necessary for the appearance and effective operation of the website on your computer. By accepting the ASΘENIS Terms of Use, this Policy and the message regarding cookies, we consider that you have given your consent to the use of cookies.
Log Files : Due to the nature and mode of operation of the internet, as soon as you visit our website, our server records your IP address in a special file (log file), which constitutes personal data, even if we are not able to identify you based on this data. In addition, log files also help us to record information about the type of browser and operating system you use and further information about your online visit, such as the URL from which you accessed www.asthenis.gr, the date and time of your visit. This information is stored only for the period of time necessary to ensure the security of network, information and services against accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of the stored or transmitted data (e.g. “denial of service” attack monitoring).
- Principles applied during processing
We may process your personal data, in order to provide personalised services, in accordance to article 6 par. (1b) of the GDPR and the National Legislation that implements it. Your personal data are not used for other purposes, apart from those described herein, unless we receive your prior consent or if required or allowed by law.
Personal data are processed in a manner compatible to the purpose for which they are collected.
The principle of proportionality is applied during the processing of personal data; amongst others, said principle creates the obligation to not purposelessly collect personal data.
Personal data, which are used, should be precise and updated.
Personal data, which are used and are no longer precise and comprehensive, should be revised by you or deleted.
With the exception of cases where there is a legal obligation to retain them for a longer period of time, personal data should not be stored longer than required for the purposes for which they were collected or processed
The processing of personal data are performed in good faith. i.e. the data subjects should be confident that the controllers will demonstrate the proper attention in all data processing cases.
The data subjects, shall be informed accordingly, if they request it. More specifically, they have the right to be informed on the purposes, for which their data is processed, the nature of the data concerned, as well as the identity of the data recipients. When deemed necessary, the data subjects also have the right to request the correction, non-transmission or erasure of their data.
The aforementioned rights may be limited only if said limitation is provided by law. This applies, specifically, in the event of a scientific research.
More specifically, personal data is protected against an unauthorised disclosure and any illegal processing. The measures which are implemented safeguard a security level equivalent to the nature of the data that need to be protected and the dangers that may arise during their processing.
Our employees and associates, who are engaged in the personal data processing, are informed and trained accordingly.
The procedure for the personal data processing by third parties following an agreement, shall be defined in writing, having ensured that said third parties shall process the personal data in a secure manner and shall comply with the principles of this Policy and the GDPR. If we conclude that the third parties are unable to secure a satisfactory level of protection of the personal data, we shall terminate our cooperation with them.
- Persons with access to data
The data are processed via electronic means and manually according to the procedures and practices related to the abovementioned purposes and are accessible by the Controller’s personnel which is authorised to process the Personal Data and their supervisors and, more specifically, employees of the following categories: technical personnel, Information and Networks Security personnel and administrative personnel, as well as other members of the personnel that are required to process data while performing their duties. Any personal data that you submit to our website are kept exclusively for purposes pertaining to your transactions with us, the improvement of our services and the safekeeping of the operation of the relevant service and may not be used by any third party (with the exception of any competent authorities, if provided by law).
The data may also be communicated to non – EU countries (“Third Countries”): (i) to institutional bodies, authorities, public agencies for institutional purposes: (ii) to professionals, independent advisors – whether acting individually or collectively – and other third parties and providers that offer to the Controller commercial, professional or technical services required for the website’s operation (e.g. IT and Cloud Computing services) for the purposes mentioned hereinabove and the support of the Company in providing its services.
The aforesaid recipients receive only the necessary data for their relevant operations and duly perform their processing exclusively for the purposes mentioned above and according to the data protection legislation. The data may also be communicated to other lawful recipients, determined from time to time by the legislation in force.
With the exception of the foregoing, the data shall not be communicated to third parties, natural persons or legal entities, that perform duties of commercial, professional or technical nature for the Controller and shall not be disseminated. The persons that receive the data shall process them, depending on the occasion, as Controllers, Processors or persons authorised to process the personal data for the aforementioned purposes and pursuant to the legislation on the data protection in force.
With regard to the transfer of data outside the EU, even to countries whose legislation does not guarantee the same level of protection of the personal data privacy as the one offered under the EU laws, the Controller informs that the transfer shall be performed in all instances according to the methods allowed under the GDPR, for example based on the user’s consent, based on the standardised contractual clauses which have been approved by the European Commission, by selecting counterparties that participate in international programmes for the free movement of data (e.g. EU – USA Privacy Shield) or which are implemented in countries that are considered safe by the European Commission.
- Your rights
If you wish, you may request at any time to exercise your rights as provided by articles 15-22 of the GDPR, to be informed regarding your personal data that we retain, their recipients, the purpose of their retention and processing, as well as their amendment, rectification or erasure, by sending a relevant email to the email addresses mentioned above, from the email address that you have indicated, and filling out the application which the beneficiary may provide to you with an attached copy of your ID. Moreover, you have the right to review your personal data that we retain and, in general, to exercise any right under the legislation for the protection of personal data.
The personal data that you communicate to the owner of the website via “www.asthenis.com“, are collected and are used and processed pursuant to the provisions of the new General Data Protection Regulation in force on the protection of personal data GDPR (EU) 2016/679.
More specifically, you have the following rights:
- The right to be informed regarding your personal data: Following a relevant request, we will provide you with information relating to your personal data, which we retain for you.
- The right to have your personal data rectified and completed: If you notify us accordingly, we shall rectify any inaccurate personal data concerning you. We shall complete any incomplete personal data, if you notify us accordingly, provided that said data are necessary for the processing purposes.
- The right to have your personal data erased: Following a relevant request, we shall erase your personal data which we retain. Nevertheless, certain data shall be erased only after a defined retention period, for example because in certain occasions we have a legal obligation to retain the data, or because the data are necessary in order to fulfill our contractual obligations towards you.
- The right to restrict the processing of your personal data: in certain occasions provided by law, we shall restrict the processing of your data, if you request it. Additional processing of restricted data is only performed to a very limited extent.
- The right to withdraw your consent: you may at any time withdraw your consent for the future processing of your personal data. The lawfulness of processing of your data remains unaffected, until you withdraw your consent.
- The right to object to the processing of your data: You may at any time object to the future processing of your personal data, if we process your data on the basis of any of the legal reasons of article 6(1) point (e) or (f) of the GDPR. If you object, we shall cease to process your data, provided that there are no legitimate grounds to further process them.
- Security of Personal Data
ASTHENIS implements specific procedures of technical and organisational security, in order to protect personal data and information against loss, misuse, alteration or destruction. Our associates that offer us support pertaining to the operation of this website also comply with these provisions.
ASTHENIS shall make any reasonable effort to retain the collected personal data only for as long it is required for the purposes for which they were collected or until it is requested to erase them (if that occurs first) unless they are retained as provided by law.
- Hyperlinks to other websites
The website www.asthenis.gr may contain hyperlinks to other websites, which are governed by other statements and policies for the protection and privacy of personal data, the content of which may differ from the present Policy. Please study the privacy policy of any website that you visit prior to submitting any personal data. Although we try to offer hyperlinks only to websites that share our high standards and respect to your privacy, we are not responsible for the content, the security or the privacy practices applied by other websites.
- Third party services.
In order to provide, improve, promote and protect our services, we may need to use third party services. These third parties may access, process or store information to perform tasks solely for the purpose we have authorized them. We require them to provide at least the same level of security for your data as we do, as described in our Privacy Policy. Personal data may be disclosed to third party service providers who assist in our business operations, always under conditions that fully ensure that your personal information is not being unlawfully used. Indicatively, we share data with SMTPServer to send emails of technical nature, we use the SMTP outgoing server services of the same hosting server from the company Redcase (for the privacy policy of Recase please see https://redcase.gr/privacy-policy) as well as with the international newsletter sending service Mailchimp (for Mailchimp’s privacy policy please see: https://mailchimp.com/gdpr/).
- Policy Reviews
We reserve the right to amend or review periodically this Policy, in our absolute discretion. In the event of any changes, the date of the amendment or review shall be recorded in the Policy and its updated version shall be effective vis-à-vis to you henceforth. We encourage you to periodically read this Statemen to examine whether there are any changes regarding the way we process your personal data.
The present Policy constitutes a Statement of Compliance with the provisions of Regulation (EU) 2016/679 and the national law that implements it.
Date of last update: 31.08.2022
When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.