Our company with the name "STELMA IT & FOOD AGENCIES SA", based in Athens, at 69 Poseidonos Avenue, 17456 Alimos Attica, which operates this online store under the registered domain name "HEYBOX, A friend of Taste", hereinafter "the Company", attaches great importance to the fair and lawful processing, security and protection of your personal data under the GDPR 2016/679 and Greek Law 4624/2019.
The protection of your personal data is applied indiscriminately, no matter who you are and in what way you communicate or cooperate with us. Your data will be protected if you are a potential or active customer, a consumer, a visitor to our website, an employee, a supplier, professional or collaborating third party.
1. What is your personal data?
This information includes any information on paper or electronic means which may lead, either directly or in combination with other data, to your unique identification or your detection as a natural person (such as name, VAT number, AMKA, Personal Number, physical and electronic your addresses, photos, social media posts, your landline and mobile phone numbers, callers and calling numbers, your bank / debit / prepaid card details, your e-mail addresses, identifiers of your equipment or terminals, computer, smartphone, tablet, your web browsing history (log files, cookies, etc.), and any other information that allows your unique identification in accordance with the above provisions (GPDR 2016/679, Law 4624/2019) and the current Greek legislation as well as the decisions of the Hellenic Data Protection Authority.
2. What personal data do we collect?
We process your personal data in accordance with the law and protect it when you contact us for telephone ordering or an online purchase of our products or services, or for information about our products and services, for your own use or on behalf of third parties.
3. Lawful processing
Our Company will use your information for the lawful purposes of processing provided in Article 6 GDPR, either with your explicit consent that you can withdraw at any time, or for the execution of a contract or a pre-contractual relationship with you, or for our vested interest or for defending your vital interest, namely:
To manage your calls when you search for information with the aim to complete your requests, purchases and orders.
To answer your requests and questions about our products / services as well as information and answers to your suggestions and comments on improving our products and services.
To announce the results of the surveys, lotteries and promotional contests in which you may have participated.
For reasons of quality assurance and training purposes of our staff, so the telephone communication with our customers might be recorded, as we will inform you with a recorded introductory message.
To analyze our website traffic and improve your experience as well as to provide you with advertising information related to new products, services, special offers and promotions.
For our internal operations and analysis such as internal management, fraud prevention, use by management, pricing, accounting, billing and control information systems.
In any case, you can change your preferences at any time by calling 210 8980873 or using the unsubscribe link at the end of each email you may receive from us (unsubscribe).
4. What are the principles of collection and processing
This Privacy Policy is intended to inform you of the terms of collection, processing and transmission of your personal data that we may collect as Controllers or Processors. The Company and its trained staff apply the Processing Principles of GDPR 2016/679 (legality, objectivity, transparency, purpose limitation, data minimization, accuracy, limitation of storage time, integrity, confidentiality and accountability). The above applies without discrimination and applies to all processing we perform and to all services we provide either independently or through our partner sellers.
5. What are the ways of collecting your personal data
By accepting the terms of use of each of our services the Company collects your personal data, in situations:
when you call our numbers or our short codes, when you send us an email, or fill out an application or order
when contacting our offices or our customer service staff and our call center, either for purchases or to express your opinion, complaints or comments.
when you send us the postal address for issuing or sending an invoice or proof of service as well as home delivery details of your order.
when you purchase a product and / or service to verify your age to determine if you are legally permitted to enter into a valid contract with us or if the consent or signature of your parents and guardians is required.
when you voluntarily subscribe to printed or online catalogs to receive information or other marketing material in printed form, electronically or through SMS. To renew your preferences or to participate in contests, questionnaires and surveys.
when you visit our websites through which we collect, with your explicit consent, information through cookies from your terminal device, such as your Internet Protocol (IP) address, the operating system you use, the type and version of your browser. etc.
when we receive documents, requests, orders, petitions, warrants, etc. of third parties, such as supervisors, prosecutors, judges, tax authorities, to investigate crimes and protect you against fraud or the fight against all forms of crime and to prevent the infringement of legal property (protected intellectual property, software, music ...).
6. Minimization, storage and deletion of your data
The Company will always ask you for the minimum personal data required by law to connect to our online platforms and services, to purchase products / services, to communicate through websites with other users or to take part in contests and promotions.
Our Company keeps your personal data only for as long as it is required by the contractual terms of each service, in combination with the current legislation, based on the respective purpose of processing, and finally anonymizes or destroys them. You can ask us and find out what data we collect about you and correct or delete it by completing a relevant application that we have available, unless their maintenance is required by law for tax, evidentiary or judicial purposes and to prosecute illegal acts.
7. What are your rights?
The Company protects and ensures your eight Rights regarding the use of your Personal Data (information, access, correction, deletion, restriction of processing, portability, opposition and non-automated decision-making based on profile, as specified in European and Greek legislation). In case you wish to practice any of them, you can send us a relevant request with your contact details and identification to the email address: privacy@stelmaservices.gr
8. Transmission of your data
As a rule, our Company does not transmit your personal data to third parties, except when we act as intermediaries and to the extent required to complete your order and to fulfill requests regarding the services provided by us. Such third parties may be official state and supervisory bodies (eg prosecutors, Cybercrime Prosecution, Hellenic Data Protection Authority, EETT, ADAE, supervising authorities) when we are called to comply with the law and to prevent illegal actions against us or our customers (eg illegal charging, telecommunication fraud, insult, discrimination of personality, etc.).
In our Company we select reliable providers and we try to impose contractual restrictions on third parties who receive your personal data, in order to ensure their lawful use. However, we can not guarantee that they will not use or disclose this data without your permission. For this reason, we encourage you to carefully consider the privacy practices of any third party providers whose products or services you purchase through our websites. In order to process your data, we may need to transfer your information to other countries, including countries primarily within the European Economic Area (EEA). If transmission outside the EEA is required, it takes place on the basis of EU Adequacy Rules, corporate binding rules, standard contracts and approved codes of conduct.
9. Confidentiality and security of your personal data
In any case, we take the appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your data. Our goal is to ensure that your personal information is transferred, stored and processed in accordance with the appropriate international standards and security procedures (ISO 27001, etc.). In our Company we have trained and responsible staff, a Head of Security and Personal Data Protection, while we recognize the importance of protecting your privacy and all your personal information. For this purpose, we have appropriate security policies and use the appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, tokenisation, use of firewalls, establishment of access levels, authorized staff, training of staff, periodic security checks, compliance continuity.
Any partner who has access to the above information, uses it to serve exclusively the above purposes. We share the information you provide to us exclusively in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing which you can freely revoke at any time by contacting us.
10. View targeted ads
Once you have given us written consent we may use your personal information along with other information we have collected, after human intervention by our marketing department, to display ads related to your apparent preferences on our website or any other website. However, we do not use automated tools to track and evaluate your consumer profile and your general preferences with other personal information (such as your email address) to display ads or send you personalized offers. In addition, we do not share your personal information with third parties, so that they may send you relevant ads, unless you have expressly consented in writing to them. If you want us to stop sending you updates or promotions, you can use the unsubscribe link at the end of any email you may have received from us.
11. Links to third party websites
Our Company websites may contain links that lead to other websites of third parties, independent bodies, such as, for example, payment service providers, electronic money institutions, advertisers, etc. which are operated and maintained exclusively by them, and which we do not control, as mentioned above. We therefore have absolutely no responsibility for the content, actions or policies of these websites. Please read the respective data protection policies on the websites you visit carefully, as they may differ significantly from ours.
12. Unsolicited commercial communication
The Company does not allow the use of our website or our services for the transmission of bulk or unsolicited commercial e-mails (spam). We also do not allow the sending of messages to and from our customers which use or contain invalid or falsified headings, invalid or non-existent domain names, techniques to hide the origin of each message, false or misleading information or violate them terms of use of websites. We do not in any way allow the collection of e-mail addresses or general information of our customers and subscribers, through our website or our services. We do not allow or authorize any attempt to use our services in a way that could harm, disable, burden the provision of any part of our services or prevent anyone wishing to use our services lawfully to do so.
If we consider that any of our services is used in an unauthorized or inappropriate way, we can, without notice and at our sole discretion, take the appropriate measures to block messages from a specific web space (domain), a server email or an IP address. We have the ability to immediately delete any account that uses our services, which, in our sole discretion, transmits or is associated with the transmission of any messages that violate this policy.
13. Contact for questions or comments
If you have any questions or comments about this Privacy Policy or if you feel that we have not followed the principles set out in it, please email us at privacy@stelmasercices.gr or contact us at the following postal address: 69 Poseidonos Avenue, 17455, Alimos, Attica, Greece
14. Validity of Security Policy and Personal Data Protection
This Policy was published by the Company on the 8th of April 2021 and is subject to periodic improvement and revision.