PERSONAL DATA PROTECTION POLICY

This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Greek and European legislation on the protection of personal data and describes how ELYSIAN EARTH I.K.E. (hereinafter referred to as the “Data Controller”), located in Piraeus, at 3 Mavromichali Street, P.C 18545, processes your personal data (hereinafter referred to as the “Personal Data”) as a visitor, user or buyer of the website and/or the online store (www.elysianearth.org), whether you are a simple visitor or a registered user or a buyer.

The website and the online store are considered a single platform; however, the processing of the Personal Data may differ depending on the function you use (navigation, purchase, communication).

1. The Data Controller

The Data Controller is ELYSIAN EARTH I.K.E.

You can contact the Data Controller using the following e-mail privacy@elysianearth.org  or through the phone +2104121980 for any matter related to the protection of your Data.

2. Personal Data We Collect

When you visit and use the website and/or e-shop we may collect the following Personal Data:

• Personal Identification Details: first name, surname, address, e-mail, telephone number
• Review/comment data: if you leave reviews, ratings, feedback and any kind of related comments on the Company’s services and products.
• Participation data in competitions or surveys (e.g. giveaways, forms)
• Shipping and billing address
• Browsing data (IP, cookies, product preferences) and device data (see Cookies Policy)
• Order history and shopping preferences
• Communications with the Company (e.g. via email or contact form)

3. Legal Basis of Processing

The Company processes your Personal Data:

• For the performance of a contract (e.g. purchase of products)
• to comply with a contractual obligation (e.g. purchase of goods (e.g. purchase of a product);
• to comply with a legal obligation (e.g. invoicing)
• based on legitimate interest (e.g. service improvement, security)
• with your consent (e.g. newsletter, cookies)

The reference to more than one lawful basis for the same processing operation does not imply lawful basis swapping to the detriment of your rights. Rather, it is recognized that in some cases multiple lawful bases for the same activity may exist.

4. Use of Personal Data

Your Personal Data is used for:

• Execution and delivery of orders
• Delivering and fulfilling your orders; fulfilling deliveries and services; invoicing and tax compliance
• Customer support
• Communication (updates, offers, newsletters)
• Statistical analysis and user experience improvement
• Detection and prevention of malicious actions or fraud
• Compliance with legal or regulatory obligations
• Transaction documentation and requests handling (e.g. withdrawal, GDPR-based requests)

5. Data recipients

The Company may transfer your Personal Data to:

• Payment providers (e.g. Viva Wallet, PayPal)
• Logistics Companies
• Transport Companies
• Accountants, legal advisors, IT service providers, and other external partners under confidentiality obligations
• Hosting and email marketing platforms
• Competent authorities if required by law

Αs a rule, the Data Controllerf transfers Personal Data within the European Economic Area (EEA). In cases where a transfer to a third country outside the EU/EEA is required, such transfer shall be carried out in accordance with Articles 44 et seq. of Regulation (EU) 2016/679 (GDPR), using appropriate safeguards such as:

• adequacy decision issued by the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission,
• Binding Corporate Rules (BCRs),
• Certification mechanisms and codes of conduct (Articles 40–42 GDPR),
• Specific contractual clauses or data protection agreements,
• Technical measures such as encryption, access restriction, and risk monitoring,
• Organisational measures such as regular staff training, security policies, and Data Protection Impact Assessments (DPIAs).

All Personal Data transfers outside the EU/EEA are conducted only when necessary and in full compliance with the GDPR requirements to ensure an adequate level of data protection regardless of location.

6. Retention period

The Personal Data shall be kept only for as long as necessary for the fulfilment of the relevant contract or legal obligation and in accordance with the statute of limitations or record-keeping periods or until the withdrawal of consent by the User, where applicable.

In any case, the Personal Data shall not be retained beyond ten (10) years, unless their retention is required by tax, accounting or other legal obligation, or for the exercise/defense of legal claims.

7. User rights

The Data Controller recognizes your rights regarding the protection of your Personal Data.

Thus, you have the right to:

1. Request access to the Personal Data that concerns them.
2. Request the correction of incorrect, inaccurate or incomplete Personal Data.
3. Request the erasure of Personal Data when it is no longer necessary or if the processing is unlawful. In some cases, the right to erasure is limited and will be assessed on a case-by-case basis under strict conditions.
4. Object to the processing of Personal Data for reasons relating to their particular situation, subject to Article 21(6) of the GDPR.
5. Submit a request to restrict the processing of Personal Data in specific cases.
6. Express their opinion and challenge the decision of the Data Controller regarding the processing of their Personal Data.
7. Submit a complaint to the Personal Data Protection Authority via a web portal

(https://www.dpa.gr/en)

To exercise your rights, please contact us at privacy@elysianearth.org

8. Data Security

The Data Controller implements organizational and technical measures to ensure the security of the Personal Data, including encryption, restricted access, regular risk assessment and data recovery procedures in the event of an incident.

9. Data of Minors

The use of the e-shop is directed exclusively to persons over 18 years of age. The Company does not knowingly collect personal data of minors. In the event that such collection is detected, the data will be deleted immediately.

10. Modifications

This Policy may be amended at any time by posting on the Website. We recommend that you check it regularly. Continued use of the Website after a modification of the Policy constitutes unconditional acceptance of the policy.

 

Last Modified: 15/7/2025