MISTIC NETWORK SECURITY AND PERSONAL DATA PROTECTION POLICY
The network of stores selling cosmetics, beauty products and related items, MISTIC, consists of privately owned stores and cooperating independent stores under franchise agreements (franchisees) throughout Greece https://www.mistic.gr (hereinafter MISTIC).
MISTIC attaches great importance to the legal collection, processing, use, security and protection of your personal data, in any capacity you communicate or cooperate with us, such as as potential candidates or active customers, consumers, visitors to our physical and online stores, corporate websites , employees, suppliers, craftsmen, individuals or third parties cooperating with any company in our network.
What is your personal data that we collect
Your personal data includes any information that allows, either alone or in combination with others, your unique identification, according to the provisions of the General Regulation of Personal Data Protection (GKPD 2016/679), the current Greek legislation and the decisions of the Protection Authority. Personal Data (APDX).
The category includes information that is entered in electronic media, such as identifiers of your equipment or terminals, computer, smartphone, tablet, history of your web searches, log files, cookies, etc.
2. Processing with your explicit consent
MISTIC will use your information for the following legitimate processing purposes, provided you have given us your express and specific consent, which you are free to revoke at any time, unless required by law, namely:
For the payment, repair, change, delivery to your home of the products you bought in order to complete your requests, purchases and orders and commercial transactions together
To answer your requests and questions, such as indications for product information and comments on improving our products and services.
To announce the results of the surveys, draws and competitions in which you may have participated.
For quality assurance and training purposes of our staff, then telephone communication with our customers may be recorded.
For the analysis of website traffic and the improvement of your experience and for us to provide you with information related to products, services, special offers and promotional actions as specifically mentioned in the cookie acceptance update.
For internal operations and analysis such as internal management, fraud prevention, use of management information, pricing, accounting, billing and control.
For filling vacancies based on CVs that you send us either voluntarily or after the publication of a job advertisement by our company.
3. What are the principles of collection and processing
The Company and its trained staff apply the ten Processing Principles of GPD 2016/679 (legality, objectivity, transparency, purpose limitation, data minimization, accuracy, limitation of storage time, integrity, confidentiality and accountability).
The Company protects and secures your eight Rights regarding the use of your Personal Data (information, access, correction, deletion, restriction of processing, portability, opposition and non-automated decision-making based on profile, as specified in Greek law). The above applies without discrimination and applies to all treatments performed and all services provided by MISTIC.
4. What are the ways of collecting your personal data
-when you contact our offices or the staff of our customer service department by recording the content of your calls and any communication with our call center, with your comments and preferences for purchases and for expressing your opinion or comments.
-when you send us the postal address of issuing or sending an invoice or proof of service as well as delivery details of your order.
-when you fill out an application or form to check your age and find out if you are legally allowed to enter into a valid contract with us or if you need the consent or signature of your parents / guardians.
-when you voluntarily subscribe to printed or electronic catalogs to receive printed, electronic or SMS information material or other marketing material or to renew your preferences or when participating in competitions, questionnaires and surveys
-when you visit our websites through which we collect via cookies information from your terminal device, such as your Internet Protocol (IP) address, the operating system you use, the type and version of your browser, etc. • when we send recruitment CVs to stores in our network
-when we receive documents, requests, orders, lawsuits, warrants, etc. from third parties, such as supervisory, prosecutorial, judicial, tax authorities, to investigate crimes and protect you against fraud or the fight against any form of crime and infringement of legal property.
5. Minimize, save and delete your data
Our Company will always ask you for the minimum required personal data by law to be informed or to buy our products, to communicate through websites with other users or to take part in competitions and promotions.
Our Company keeps your personal data only for as long as required by the contractual terms of each service, in combination with the current tax, labor and special legislation on personal data protection and consumer protection, based on the purpose of processing, and then anonymizes them. , destroys them or delivers them to the customer after receiving the items from each store.
You can ask us to find out what data we collect about you and to correct or delete it, unless retained by law for tax, evidentiary or judicial purposes and to prosecute illegal acts.
6. Cookies Policy
According to the European Directive E-Privacy 2009/136 / CE (which will be replaced by Regulation) our website accepts the use of "cookies". These are online tools for collecting and analyzing information from social networking platforms or partner third-party websites, in order to measure traffic, improve the functionality, content and overall appearance of each of our websites and to adapt to the needs and preferences of our customers. us.
By using our website, you agree (opt-in) to the processing of your personal data collected by social networks or search engines, e.g. Google Analytics, Facebook social plug-ins, Google+, etc., without any involvement, influence or control by the Company and are transmitted either inside or outside the European Economic Area (28 EU Member States plus Iceland, Liechtenstein and Norway), for which these third parties are solely responsible.
If you do not wish third parties, such as Google, Facebook, Twitter, etc. to receive information from your browser, when you visit the Company's websites you can opt out by making the corresponding option provided by the respective User Policy on the website of each such third party. part.
You can also change the settings on your computer by choosing not to automatically accept cookies, or to be asked to accept each one individually. But be aware that this will limit the range of browsing options available to you on any web site.
7. Transfer your data to third parties
As a rule, MISTIC does not transfer your personal data to third parties except when we act as intermediaries and to the extent required to complete your order and fulfill requests for the services we provide. Often your personal data is collected independently by third parties, such as e.g. beauticians of independent cosmetics companies that are housed inside our stores (shop in shop) without any involvement or involvement of us.
Third parties may still be official state and supervisory bodies (eg prosecutors and prosecutors, supervisors, etc.) when we are called upon to comply with the law and to prevent illegal actions against us and our clients.
MISTIC selects reputable providers by imposing contractual restrictions on third parties receiving your personal data, to ensure that they use them in accordance with this Policy and relevant Greek and European data protection legislation.
However, we can not guarantee that third parties will not use or disclose this data without your permission. We therefore recommend that you carefully consider the privacy practices of any third party providers whose products or services you purchase through our websites or online stores.
In order to process your data, we may need to transfer your information to other countries, including countries primarily within and outside the European Economic Area (EEA) based on EU adequacy decisions, corporate binding rules, standard contracts and approved codes of conduct.
The independent companies of cosmetics, clothing or footwear, etc. that maintain stores (shop in shop) in MISTIC stores and possibly collect (on line, forms, printed forms, etc.), independently your personal data as Processors are third parties to us. MISTIC selects trusted partners, but since it does not have access to this data, it assumes no responsibility for their use. Our customers need to know that they do not provide them to MISTIC but to independent companies.
8. Security of your personal data
At MISTIC we have specialized and experienced staff, and we take the appropriate technical and organizational measures to ensure that your personal information is transferred, stored and processed, in accordance with the appropriate standards and security procedures (anonymization, pseudonymization, data encryption, use of firewalls, etc. access levels, authorized staff, staff training, periodic audits), and in accordance with the terms of this Policy and applicable data protection laws.
Any partner who has access to the above information, uses it to serve exclusively the above purposes. We share the information you provide to us exclusively in the ways described in this Policy and in accordance with your express and specific consent per type of processing which you can at any time and freely revoke by contacting us.
9. View targeted ads
We may use your personal data together with other information we have collected, after human intervention by our marketing department, to display ads related to your obvious preferences on our website or any other website.
However, we do not use automated tools to track and evaluate your consumer profile and your general preferences with other personal information (such as your email address) to display ads or send you personalized offers. In addition, we do not share your personal information with third parties, so that they have the ability to send you relevant ads, unless you have expressly consent to them.
If you wish to stop sending us updates or offers, you can use the unsubscribe link at the end of the email you received from us.
10. Links to third party websites
Links to other websites
Our online offers may include links to other websites. Previous information regarding the protection of personal data applies only to our website. Please pay attention to the definition of linked websites regarding the protection of personal data. Regarding the content of third party websites, which are provided through Links and are displayed in a special way, we do not bear any responsibility and we do not adopt it.
The illegal, problematic or incomplete contents of the linked websites, as well as for damages, resulting from the use or non-use of their information, are the sole responsibility of their provider. We are only responsible for third party content when we have received positive knowledge of it, ie of a potentially illegal content and it is technically possible and feasible to discontinue its use
11. Unsolicited commercial communication
We do not in any way allow the collection of e-mail addresses or general information of our customers and subscribers, through our website or our services. We do not authorize or authorize any attempt to use our services in a way that could harm, disable, encumber any part of our services or impede anyone wishing to use our services.
If we consider that any unauthorized or inappropriate use is made of any of our services, we may, without notice, in our sole discretion, take the appropriate measures to block messages from a specific area on the internet (domain), a server emails, or an IP address. We have the right to immediately delete any account that uses our services, which, in our sole discretion, transmits or is associated with the transmission of any messages that violate this policy
12. Contact for questions or comments
If you have questions about the collection, processing and use of your personal data, then please contact our Privacy Department.
In case of deletion from a list of newsletters you can follow the delete link.
In case you want us to disclose the data we hold on your behalf, you must send the following form via email.
Identification information: To ensure that we will communicate information only to you and not to the wrong person, the following identification information will be requested when completing the form (form link):
MISTIC requests the mobile phone as a unique identification element and will not use it for any promotional action or communication unless the customer has expressly accepted otherwise. The customer is responsible for updating his details in the company (eg change of phone number) so that there is still the possibility of unique identification of the person. The company does not bear any responsibility if the request comes from an unauthorized person to use or has access to the above information
13. Validity of Security Policy and Personal Data Protection
This Policy was published by the Company on December 25, 2022 and is subject to periodic improvement and revision.
Any changes to this Policy will apply to the information collected from the date the revised version is published, as well as to the existing information we hold. The use of the website after the publication of changes implies your acceptance of these changes.