Privacy protection policy

Introduction

With this policy XACO S.A. (hereafter «Company» or «We») as part of its commitment of being transparent aims to inform you regarding the means of handling and processing of your personal data, the controls in place to protect them, as well as your rights, always in compliance with the applicable regulatory framework for protecting personal data.

> Back to the top

About us

XACO S.A. was founded in 1993 and it represents one of the largest American companies in the athletic & outdoor gear industry in Greece, Cyprus & in the wider area of Eastern Europe.

In a highly competitive environment XACO S.A. stands out for the quality of the products it provides. The brand names it represents, hold the top places on the international market.

For the following processing activities, XACO S.A. is the data controller. Our Company’s profile, as well as our contact details are mentioned below:

Company Name

XACO ANONYMH ETAIREIA EMPORIAS KAI PARAGOGHS EIDON ENDYSEOS KAI YPODHSEOS

Address

23ο Km ATHENS-LAMIA National Road, 14568

G.E.MI. registration number

001092401000

Tax Identification Number

094393116

Contact details: e-mail/phone number:

info@xaco.gr/ 0030 2108160100

 

> Back to the top

Collection & Processing of personal data

During your browsing to our website or when you buy products from us or contact us, we may collect information that concern you. We note that we collect and process only the information that are necessary for completing the following purposes and under the condition that we always possess the required lawful basis for the process. More specifically, the type of personal data we collect and retain may be, per case, the following:

 

Type of personal data

Purpose of processing

Lawful basis of processing

Full name, email, country, area, city, address, postcode, phone number

Data collection and processing for completing a product purchase

Contract

Full name, email, date of birth

Data collection and processing for user registration

Consent

Full name, email, phone number

Data collection and processing for receiving and managing complaints regarding products

Consent

Full name, email, country, area, city, address, postcode, phone number, date of birth, gender, (data collected through web page browsing)

Evaluating and handling data in order to audit the quality of provided services and products and to extract statistics

Legitimate interest

Full name, email

Handling contact details for promoting new products

Consent

Full name, email, address, area, city, postcode, phone number

Collecting and handling contact details for customer support by phone or in person in the store.

Legitimate interest

Cookies

Proper functionality and handling of our website, identifying, analyzing and solving technical issues (e.g. bugs) and securing from or identifying a possible fraud or other breaches regarding terms of use of our website

Legitimate interest

 

The Company processes your data in order to complete its abovementioned legitimate interests, only under the condition they do not exceed your rights and freedoms.

In any case, the Company may process your data for purposes of complying with the obligations that are imposed by the applicable legal and regulatory framework, with the supervisory requirements, as well as with the decisions of authorities or courts.

In the event that you wish to be furtherly informed about the Company’s policy regarding the cookies our website is handling, please click here

> Back to the top

Data transferring to third parties

Our Company may disclose your data to third parties/recipients (natural and legal persons), under the condition they implement the appropriate technical and organisational controls, as well as comply with their obligation of abiding by the confidentiality and non-disclosure agreements, such as: Geniki Taxydromiki (courier), AnotherCircus (e-shop platform management), AlphaBank (bank transaction management), Γουρζουλίδης Δ. και ΣΙΑ Ε.Ε (I.T. service provider), Χιώτης Ν. Δημήτριος (accounting office).

  • Company that manages websites and e-shops
  • Company that provides website and e-shop hosting services
  • Companythatprovidesemailservices
  • Company that provides services regarding the development, maintenance and configuration of IT applications
  • Company that provides accounting services
  • Company that provides postal services
  • Company that provides a platform for electronic payments "Alpha e-Commerce"

In any case, the Company guarantees that it will not transfer, disclose, offer, etc. your data to third parties for any purpose or use other than those explicitly disclosed in the current Policy. However, we retain the right to disclose information concerning you, if the legislation obliges us to do so, or if that disclosure is required by the competent supervisory, auditing, independent, judicial, public and / or other authorities.

Furthermore, the Company does not transfer your data to countries outside the European Economic Community («EEC»). In the event that there is a relevant need, we commit that we shall proceed to your immediate notification, as well as to the application of the necessary controls for assuring the protection of your data.

> Back to the top

Data retention period of your data

The Company retains your data for as long as the purpose for which the data was collected remains valid.

The Company may retain your data also after the fulfilment of the abovementioned purposes of collecting and processing, for a period up to 10 years after your latest purchase in which we handled your personal data, due to possible legal obligations, legitimate interests etc. These cases are:

  •         Legal obligation of the Company related to a provision of the law.
  •         For use before any audit authority within the statutory retention period.
  •         If necessary for the proper organisation and operation of the Company, provided that your data is anonymised.
  •         Up until the lapse of the relevant claims to defend the rights and legitimate interest of our Company before any competent Court and any other public authority.
  •         If there is an administrative or judicial litigation that is directly or indirectly related to your data, until a final judgment is given.

 

Finally, we shall retain your data for the period that we possess an active consent for the purposes that it was given, as mentioned above.

After the lapse of the retention period, our Company is responsible for erasing your data in paper form or stored in our information systems, in a secure manner.

> Back to the top

Description of your Rights

Right to be informed/notified

You have the right to obtain and we are obligated to provide you with clear, transparent and easily comprehended information regarding the means of handling your personal data and rights.

Right to access

You have the right to obtain access to your personal data (if we process them) and to information regarding them, such as the purposes of the processing, the categories of personal data, their origin, and their possible recipients.

Right to rectification

You have the right to request the rectification of inaccurate information, as well as the completion of any potentially incomplete personal data that concern you.

Right to erasure

You have the ability to request the erasure or the removal of your personal data when it is no longer necessary for the purposes it was collected or processed in any other way, or when there is no legitimate justification to continue processing the data.

However, we might have the right or the obligation of retaining the information, in cases we have a special legal obligation to do so, or we have other valid legitimate justification to retain it.

Right to restriction of processing

On specific circumstances, you have the right to request to «exclude» or discontinue the further handling of your information. When the processing is limited, we are still able to store your information, but we could not use them for other purposes.

Right to data portability

You have the right to obtain a copy of your personal data that we retain, in a structured, commonly used and machine-readable format and to reuse, transfer or disclose it for your own purposes.

Right to withdraw consent

Where the legal basis of processing your data is “Consent”, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on a valid consent given before its withdrawal.  

Right to object

You have the right to object in processing your personal data, such as automated decision making, under specific circumstances.

You can exercise the abovementioned rights by sending an email at info@xaco.gr.

Means of Exercising your Rights

In the event that you wish to exercise one of the abovementioned rights you can address at info@xaco.gr by sending an electronic mail.

In the event that you submit a request for exercising your rights, the Company shall respond in your relevant request within 1 (one) month from its submission. The said deadline could be extended by 2 (two) more months, following a prior notice, taking into consideration the complexity of the request and the amount of the requests under processing.

Our response to your request above is provided free of charge. However, in case that your request is obviously unfounded, excessive or recurring, we may either notify you regarding the charging with a reasonable fee, or to deny responding to your request.

> Back to the top

Security and Protection of personal data

The personal data processing procedure is carried out in a way that ensures its confidentiality. More specifically, it is carried out exclusively by appointed for this purpose personnel, while all the appropriate organisational and technical controls for securing and protecting the data, apply. These controls include technics and procedural activities, as well as activities for monitoring and detecting, that aim to secure data from misuse, unauthorized access or disclosure, loss, modification or destruction.

> Back to the top

Lodging complaints to a Supervising Authority

You have the right to lodge a complaint regarding the processing of your data performed by our Company, to any supervising authority of a member state of the European Union and especially to the Data Protection Authority. If you have concerns regarding the means of processing your personal data, please visit the Data Protection Authority’s website for more details, or you can contact them at:

Hellenic Data Protection Authority

Postal Address: Kifissias 1-3, 11523, Athens

Calling Center: +30-210 6475600

Fax: +30-210 6475628

Electronic mail: contact@dpa.gr

 

> Back to the top

Modifications and Updates to this Privacy Policy

We may review and revise this policy with a view to our continuous compliance with the legal and regulatory requirements and the optimal protection of your data and the support of your rights on these data.

You shall be notified for any review we perform by publishing an updated version on our website or by contacting you through electronic mail.

> Back to the top

Contact us

If you have any question about the present Policy or any other matter regarding the protection of your personal data, please do not hesitate to contact us through email at info@xaco.gr or by calling to 210-8160100.

Reference to other useful links

Website Terms of use

Cookies Policy, IP Addresses & Similar Technologies

GDPR Terms & Definitions

«personal data»: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;  

«processing»: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

«restriction of processing»: means the marking of stored personal data with the aim of limiting their processing in the future;

«profiling»: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

«controller»: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

«personal data breach»: mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

For more information regarding the new Regulation you can visit the following web address: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

In the event of a discrepancy between any post or link on our site and Greek and European legislation, we apply the provisions of applicable Greek and European legislation.

> Back to the top