Privacy Policy
www.euta.gr
EUTA Privacy Policy
We are pleased with your interest in data protection on our website. We want you to feel satisfied and secure when visiting our website and to regard the implementation of data protection as a hallmark of quality toward our customers. With the following data protection notices, we inform you about the manner and scope of processing personal data by the Co-located Pharmacies P. Efthymiadou - D. Tachtalidou & Co. OE, operating under the trade name “EUTA,” located at Patriarch Grigoriou E’ 26, 542 48 Thessaloniki, Tax ID (AFM): 998633600, Tax Office (DOY): Z’ Thessaloniki, tel. 231 031 75 05, www.euta.gr, e-mail: info@euta.gr
Personal data refers to information that is classified or can be directly or indirectly attributed to your person. The legal basis for data protection is primarily the General Data Protection Regulation 679/2016, widely known by the abbreviation GDPR.
Contents Overview
• 1. Overview
• 2. Access to our website
• 3. Contact form / communication via e-mail / telephone calls / customer surveys
• 4. Competitions
• 5. Data processing for advertising purposes
• 6. Newsletter distribution
• 7. Online presence and website optimization
• 8. Recipients outside the EU
• 9. Your rights as data subjects
• 10. communications officer
• 11. Name and Contact Information of the Controller as well as Contact Information of the Data Protection Officer
1. Overview
Upon entering the website of the Sole Proprietorship (www.euta.gr), various information is exchanged between your terminal device and our server. In this case, the processing of personal data may also occur. The information collected in this manner will be used, among other things, mainly for optimizing our website or for advertising on your terminal device's internet browser.
2. Accessing Our Website
Purposes of Data Processing / Legal Bases:
When accessing our website, the following are automatically sent from the internet browser of the terminal device you are using, and without any action on your part:
• the IP address of the internet-accessible device that submitted the request,
• the date and time of access,
• the name and electronic address (URL) of the requested file,
• the website/application from which access was made (referrer URL),
• the web browser you are using,
• the operating system of your computer/device,
• as well as the name of your access provider (access provider).
The above information is transmitted to our website’s server and temporarily stored in a log file for the following purposes:
• Ensuring proper connection establishment,
• Ensuring comfortable use of our website/application,
• Evaluating the security and stability of the system.
If you have consented to so-called geolocation in your web browser or operating system, or based on other settings of your device, we will use this feature to provide you with personalized services related to your current location. We commit to processing your location data obtained in this manner exclusively for this purpose.
The legal basis for processing the IP address is Article 6 paragraph 1 point f of the General Data Protection Regulation 679/2016 (hereinafter GDPR). Our legitimate interest arises from the aforementioned purposes of data processing.
Recipients / categories of recipients:
As a general rule, the transfer of this data to third parties is excluded.
Storage duration / criteria for determining the storage period:
The data is stored for a maximum period of 50 months and is then automatically deleted. Once you stop using our website, the geolocation data is deleted.
3. Contact Form / Communication via Email / Telephone Calls / Customer Surveys
Purposes of data processing / legal bases:
The personal data you provide when filling out a contact form, via telephone, or email will, of course, be treated confidentially by us. We will use your data exclusively for a specific purpose: to process your request. The legal basis for data processing is Article 6 paragraph 1 point f GDPR. Both our legitimate interest and your parallel (legal) interest in this data processing arise from the goal of providing you with a response and, if necessary, resolving any existing issues, thereby maintaining and enhancing your satisfaction as a customer or user of our website.
If you participate in our customer surveys, this is done entirely voluntarily. During such anonymous surveys, no information is stored that would allow conclusions to be drawn about the participant. Only the date and time of your participation are stored. Any personal information you provide when responding to our survey is considered voluntarily provided and is stored in accordance with the GDPR. Please do not include your name or similar identifiable information in free-text fields that could allow conclusions about you or other persons.
In cases where consent is given in the context of a customer survey, the legal basis for data processing based on consent is Article 6 paragraph 1 point a GDPR. If you have granted consent in a customer survey, this consent can be revoked at any time with effect for the future. More detailed regulations regarding these cases can be found in the specific data protection principles of each customer survey.
Recipients / categories of recipients:
As a general rule, the transfer of data to third parties is excluded.
Exceptionally, data may be processed by processors acting on our instructions. These are carefully selected, monitored by us, and contractually bound in accordance with Article 28 GDPR.
Furthermore, it may be necessary to forward extracts of your request to our contracting partners (e.g., suppliers, for product-related requests) for the purpose of processing your request. If the transfer of your personal data is required in a specific case, we will inform you to obtain your consent.
The results of our customer surveys are generally used only for internal evaluations. As a rule, the transfer of data to third parties is excluded. We do not transfer personal data to third parties unless we have obtained your explicit consent.
Storage duration / criteria for determining the storage period:
All personal data you provide in the context of requests (suggestions, praise, or criticism) via this website or via email are deleted by us or anonymized no later than 120 days after the final response is provided. Experience shows that, as a rule, no further clarifying questions arise regarding your responses after 120 days.
4. Contests
Purposes of data processing / legal bases:
You have the opportunity, through our website, our newsletter, via short electronic messages such as SMS / Viber / related digital services (e.g., inbox), or in the future via the “EUTA” app, to participate in contests. Unless otherwise provided in the specific data protection principles of each contest, or unless you have given us additional explicit consent, the personal data you transmit to us as part of participating in a contest will be used exclusively for the execution of the contest (e.g., announcement of winners, notification of winners, sending of prizes) and, after a sufficient period of 90 days for possible objections, disputes, or claims from other participants, will be deleted. The legal basis for data processing is primarily Article 6 paragraph 1 point b GDPR. In cases where consent is given within a contest, Article 6 paragraph 1 point a GDPR constitutes the legal basis for data processing based on consent. If you have given consent in the context of a contest, you may revoke it at any time with effect for the future. More detailed provisions on these cases are specified in the specific data protection principles of each contest.
Recipients / categories of recipients:
Transfer to third parties occurs only if required for the execution of the contest (e.g., delivery of a prize through a cooperating company). As a general rule, further transfer to third parties is excluded.
Storage duration / criteria for determining the storage period:
After the end of the contest, the announcement of winners, and after a sufficient period of 90 days for possible objections, disputes, or claims from other participants, the personal data of participants are deleted. In the case of material prizes, the data of the winners are retained for the entire duration of any legal warranty claims, in order to allow subsequent restoration or exchange in case of defects.
1. Data processing for advertising purposes
Purposes of data processing / legal bases:
With your consent, we analyze usage behavior within our online presence as well as in the newsletters we send you. The analysis of usage behavior includes, in particular, the areas of the website you visit and the links you use there. Using this information, we create personalized usage profiles classified by individual or/and email address, so that “EUTA” advertising offers in the form of newsletters, website advertising messages, and printed advertising can be better tailored to your personal interests and improve our online offerings.
The legal basis for the aforementioned processing is Article 6 paragraph 1 point f GDPR or, in cases where corresponding consent exists, Article 6 paragraph 1 point a GDPR. The processing of data from existing customers for our own or third-party advertising purposes should be considered a legitimate interest.
Right to object:
You may object to the processing of data for the purposes mentioned at any time and free of charge, separately for each communication channel, and with effect for the future. A simple email or postal letter to the contact details listed in section 14 is sufficient.
Recipients / categories of recipients:
As a general rule, the transfer of this data to third parties is excluded.
Storage duration / criteria for determining the storage period:
If you revoke your consent for specific advertising channels or object to certain advertising channels, your data will be deleted from the respective email distributors.
If you object, the respective contact address will be excluded from subsequent advertising data processing. Please note that, in exceptional cases, the temporary sending of advertising materials may continue after receipt of the objection. This is technically dependent on the implementation time of the advertising messages and does not mean that your objection is not being respected. Thank you for your understanding.
2. Sending newsletters
Purposes of data processing / legal bases:
On our website, you have the opportunity to subscribe to our newsletter. If you consent to receiving our newsletter, we will use your email address and, possibly, your name to send information on products, promotions, contests, and news, as well as customer satisfaction surveys. We store and process this data for the purpose of sending the newsletter.
The contents of the newsletter include promotions (offers, discounts, contests, etc.) as well as products and services of “EUTA.”
With your consent, we analyze your usage behavior on the websites connected with www.euta.gr, mobile applications, and our newsletters. The analysis includes, in particular, the areas of the website, mobile app, or newsletter where you remained and the links you clicked. Using this data, we create usage profiles classified by individual or/and email address, so that advertising offers—especially via newsletter, website advertising messages, and printed advertising—can be better adapted to your personal interests and improve our online offerings. The legal basis for data processing for sending the newsletter is consent pursuant to Article 6 paragraph 1 a' GDPR.
To ensure that no errors occurred during the entry of your email address, we have established a double opt-in procedure. After entering your email address in the designated field, we send you a confirmation link. Only if you select this confirmation link will your email address be transmitted to our distributors.
You can revoke your consent to receiving the newsletter, participating in customer satisfaction surveys, and the creation of personalized usage profiles at any time with effect for the future, e.g., by unsubscribing from the newsletter via our website. The unsubscribe link is included at the end of each newsletter. By unsubscribing, your consent for the creation of personalized usage profiles and receiving personalized newsletters is also revoked. In this case, your usage data will be deleted.
Recipients / categories of recipients:
If external distributors are used for sending the newsletter, they must be contractually bound in accordance with Article 28 GDPR. As a rule, further transfer to third parties is excluded.
Storage duration / criteria for determining the storage period:
If you revoke your consent to receive the “EUTA” newsletter, your email address will be “locked” from receiving the newsletter. Your data will be deleted after 6 months by the respective email distributors.
7. Electronic Presence, Communication, and Website Optimization
7.1 Cookies – General Guidelines
Our websites use cookies in accordance with Article 6 paragraph 1 point f' GDPR. Το συμφέρον μας για βελτιστοποίηση της ιστοσελίδας μας πρέπει να θεωρείται ως έννομο, κατά την έννοια της προαναφερθείσας διάταξης. Our legitimate interest is to optimize the website. Cookies are small files stored on your device (computer, laptop, tablet, smartphone, etc.) when you visit our site. They do not harm your device, contain viruses, Trojans, or other harmful programs. Cookies collect information related to the specific terminal device used. This does not mean that we gain direct knowledge of your identity. Cookies are used to provide you with a more convenient experience. For this purpose, we use session cookies to recognize that you have already visited certain pages of the website. These are automatically deleted once you leave the website.
In addition, we use temporary cookies for convenience, which are stored for a defined period on your device. If you visit our site again, we automatically recognize that you have already visited, including the entries/settings you have used, so you do not have to repeat the same actions.
Furthermore, we use cookies to statistically analyze website usage in order to optimize our offerings and to display information tailored to you. These cookies allow us to automatically recognize your return visits. Cookies are automatically deleted after a predefined period, generally not exceeding six (6) months. Most web browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored or to prompt you before a new cookie is stored. Complete deactivation of cookies may prevent the use of certain website functions.
More information on the cookies we use and your options to oppose them can be found in the Cookie Policy, as well as in Articles 7 to 9 here.
7.2 Google Analytics
Purpose / Legal Basis:
For the purpose of adapting and continuously optimizing our websites according to user needs, we use Google Analytics, a web analytics service provided by Google Inc. (“Google”), in accordance with Article 6 paragraph 1 point f GDPR. Our legitimate interest arises from the stated purposes. Pseudonymized usage profiles are created and cookies are used. The cookie records the following information regarding your use of this website:
• Browser type/version
• Operating system
• Referring URL (i.e., the previous page visited)
• Computer name and Internet Protocol (IP) address
• Timestamp of server request
This information is used to evaluate website usage, prepare reports on website activities, and provide additional services connected with the use of the website and the internet, including market research and website adaptation according to user needs. IP addresses are anonymized so that identification is not possible (IP-masking).
You can prevent the installation of cookies by adjusting your web browser settings accordingly. However, please note that in this case, it may not be possible to use all the functions of this website. Additionally, you can prevent the analysis of data generated by cookies regarding your use of this website (including your IP address), as well as the processing of such data by Google, by downloading and installing this extension in the Google Chrome browser. Alternatively, for mobile browsers in particular, you can also prevent Google Analytics from processing your data by selecting this link. This creates an opt-out cookie, which prevents the future analysis of your data during visits to this website. The opt-out cookie is valid only for the specific web browser and only for our website, and it is stored solely on your device. If you delete cookies from this browser, you will need to save the opt-out cookie again. For more information regarding data protection in relation to Google Analytics, please visit the Google Analytics website.
Recipients:
The information generated by the cookie is transmitted to a Google server in the USA and stored there. Under no circumstances is your IP address merged with other Google data. These data may be transmitted to third parties if legally required or if third parties process them on our authorization.
Storage Duration:
After anonymization of the IP address, it can no longer be linked to you. Data collected for statistical purposes is deleted from Google Analytics after 50 months. Reports generated do not contain references to individuals.
7.3 Website Targeting and Optimization
Purpose / Legal Basis:
On our website, information collected through cookies is analyzed and evaluated to optimize the website and advertising displays. This ensures that only advertisements tailored to your actual or inferred interests based on prior behavior are displayed on your device. The information processed for these purposes may include, for example, products you have shown interest in. The legal basis for this processing is Article 6 paragraph 1 point f GDPR. Website optimization for a better shopping experience and avoiding irrelevant ads serves both our interests and yours. The analysis is entirely pseudonymous and does not allow us to identify you. Specifically, this information is not merged with your personal data.
Recipients:
Recipients of the data are the aforementioned service providers, who process the data contractually for specific purposes and according to our instructions.
Storage Duration:
Cookies used and the information contained therein are stored according to the Cookie Policy and are deleted immediately in case of objection.
7.4 Re-targeting
Purpose / Legal Basis:
We also use re-targeting technologies from various providers. This allows us to shape our online offerings in a way that is relevant to your interests. A cookie is created to collect interest-based data pseudonymously. Browsing behavior is collected for marketing purposes anonymously and stored in cookies on your device, then analyzed by algorithm. Targeted product recommendations and personalized advertising banners of our products may then appear on our partners’ websites. At no point can this data be used to identify the visitor. No direct personal data is processed, and user profiles are not merged with personal data. The legal basis for this processing is Article 6 paragraph 1 point f GDPR. These measures ensure that only ads relevant to your actual or inferred interests appear on your device, which serves both your and our interest by avoiding irrelevant advertising.
However, if you do not wish to see personalized advertising banners from the “EUTA” online store, you can object to the collection and storage of data for the future as follows:
• By selecting the icon displayed on each advertising banner (e.g., “i”), you will be redirected to the provider’s website. There, the retargeting technology is explained in detail, and you are given the option to opt out. If you choose to opt out with a provider, an opt-out cookie is stored on your device, which prevents the corresponding advertising banner from being displayed in the future. Please note that this opt-out can only be applied on your device, and the respective opt-out cookies must not be deleted from your device. If they are deleted for any reason, you will need to repeat the opt-out process.
• Alternatively, you can use the opt-out options described in section 7.5 of these data protection terms.
Recipients / Categories of Recipients:
On our website, we use retargeting technologies from various providers, who process the aforementioned data within this context. Further information regarding the cookies used by these providers can be found in our Cookies Policy.
Storage Duration / Criteria for Determining Storage Duration:
The cookies used for retargeting purposes and the information contained therein are stored for the duration specified in the Cookies Policy and are automatically deleted afterward.
7.5 Further Digital Communication:
We also occasionally use short electronic messages such as SMS, Viber, or related digital services (e.g., inbox) to better assist you and respond more effectively to your needs.
7.6 Opt-out Possibility:
You can prevent the use of the retargeting technologies described in sections 7.3 and 7.4 by appropriately adjusting the cookies settings in your internet browser (see also section 7.1). Additionally, you have the option to block personalized advertising based on interests using the so-called Preference Manager or by activating available opt-out cookies.
8. Recipients outside the EU:
Except for the processing described in section 7, and written agreements with other directly cooperating companies explicitly mentioned herein, we do not provide your data to recipients located outside the European Union or the European Economic Area. The processing described in section 7 may lead to the transfer of data to the servers of our authorized tracking and targeting technology providers. Some of these servers are located in the USA (you can obtain relevant information from the reports for the respective recipients). The data transfer is carried out in accordance with the principles of the so-called Privacy Shield, as well as based on the so-called Standard Contractual Clauses of the European Commission.
9. Your Rights as Data Subjects
9.1 Overview:
In addition to the right to withdraw any consent you have given us, you also have the following rights, provided that the applicable legal conditions are met:
the right to object, pursuant to Article 21 GDPR.
9.2 Right of Access pursuant to Article 15 GDPR
You have the right, upon request and free of charge, pursuant to Article 15 paragraph 1 GDPR, to be informed about the personal data we have stored concerning you. This specifically includes:
- The purposes of the processing of your personal data.
- The relevant categories of personal data we process.
- The recipients or categories of recipients to whom your personal data have been or will be disclosed.
- Where possible, the period for which your personal data will be stored or, if this is not possible, the criteria used to determine that period.
- The existence of the right to request from the data controller the correction or deletion of personal data, or the restriction of processing concerning the data subject, or the right to object to such processing.
- The right to lodge a complaint with a supervisory authority.
- Where personal data are not collected from the data subject, any available information as to their source.
- The existence of automated decision-making, including profiling, as provided for in Article 22 paragraph 1 and 4 GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
When personal data are transferred to a third country or international organization, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR regarding the transfer.
9.3 Right to Rectification pursuant to Article 16 GDPR
You have the right to require us, without undue delay, to correct inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
9.4 Right to Erasure pursuant to Article 17 GDPR
You have the right to request the deletion of your personal data without undue delay if one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based pursuant to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a GDPR, and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21 paragraph 1 or paragraph 2 GDPR, and there are no overriding legitimate grounds for the processing pursuant to Article 21 paragraph 2 GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased to comply with a legal obligation.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8 paragraph 1 GDPR.
Where we have made personal data public and are obliged to delete it, we will, taking into account available technology and implementation costs, take reasonable steps to inform other controllers processing your personal data of your request to delete any links, copies, or replications of those personal data.
9.5 Right to Restrict Processing pursuant to Article 18 GDPR
You have the right to request the restriction of processing where one of the following applies:
- You contest the accuracy of your personal data.
- The processing is unlawful, and you oppose the deletion of the personal data and request the restriction of its use instead.
- The controller no longer needs the personal data for processing purposes, but the data are required by you for the establishment, exercise, or defense of legal claims.
- You have objected to processing pursuant to Article 21 paragraph 1 GDPR, pending verification whether the legitimate grounds of the controller override those of the data subject.
9.6 Right to Data Portability pursuant to Article 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller without hindrance from us, when:
• The processing is based on consent pursuant to Article 6(1)(a) or Article 9 paragraph 2 point a GDPR, or on a contract pursuant to Article 6 paragraph 1 point b GDPR, and
• The processing is carried out by automated means.
When exercising the right to data portability, you may request that the personal data be transmitted directly from us to another controller, if technically feasible.
9.7 Right to Object pursuant to Article 21 GDPR
Under the conditions of Article 21( GDPR, you may object to the processing of your data for reasons arising from your particular situation.
This general right to object applies to all data processing purposes described in this Privacy Policy, which are carried out pursuant to Article 6 paragraph 1 point f GDPR. Unlike the specific right to object to processing for advertising purposes (see especially sections 9 and 7.6 above), we are obliged under the GDPR to apply this general right to object only if you provide compelling grounds, e.g., a possible risk to life or health. In addition, you may contact the competent supervisory authority for “EUTA” or the Data Protection Officer of the company, the law firm Tsilonis-Vogiatzoglou (Newlaw), Tsimiski 10, 546 24 Thessaloniki, tel. +30 2310 551 501, fax: +30 2310 261 503, e-mail: dataprotect(at)newlaw(dot)gr.
10. Contact Persons
10.1 Contact persons for questions or regarding the exercise of your rights concerning data protection
For questions regarding the websites or the exercise of your rights in relation to the processing of your personal data (data protection rights), you may contact the Customer Service Department at info@euta.gr
10.2 Contact person for data protection questions
For further questions regarding the processing of your personal data, you may contact the company’s operational Data Protection Officer, the law firm Tsilonis-Vogiatzoglou (Newlaw), Tsimiski 10, 546 24 Thessaloniki, tel. +30 2310 551 501, fax: +30 2310 261 503, e-mail: dataprotect(at)newlaw(dot)gr.
10.3 Right to lodge a complaint with the supervisory authority
You also have the right at any time to lodge a complaint with the competent supervisory authority. You may contact the data protection authority, in particular in the Member State where you usually reside, work, or where the alleged infringement occurred, or the authority of the state where the controller is established.
11. Name and Contact Details of the Data Controller and the Operational Data Protection Officer
These data protection terms apply to the processing of data by the General Partnership “EUTA”, located at 26 Grigoriou E’ Street, Postal Code 54248 Thessaloniki, Tax Office Z’ Thessaloniki, VAT number 998633600, tel.: +30 2310 317505, for the purpose of providing information, access, and sale of pharmacy products and related services permitted by pharmaceutical law and ethics to visitors/users of the website, and is the “Data Controller” for the website www.euta.gr.
For further information or questions regarding the processing of data or to exercise any lawful rights, the User may contact the Data Protection Officer of the General Partnership, the law firm Tsilonis-Vogiatzoglou (Newlaw), Tsimiski 10, 546 24 Thessaloniki, tel.: +30 2310 551 501, fax: +30 2310 261 503, e-mail: dataprotect(at)newlaw(dot)gr.
