Introduction
This Privacy Policy describes how the online store POOQ collects, uses, stores, and protects the personal data of its visitors and customers. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Greek and European legislation.
What Are Personal Data?
Personal data is any information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person.
Data We Collect
In order to initiate any transaction with our online store, it is necessary for you to provide certain personal data, which are collected for security reasons and for the completion of your order. We collect the following categories of personal data:
Order / Customer Data
- Full name
- Address (street, number, city, postal code)
- Phone number
- Email address
Account / Login Data
Collected when you create an account or log in.
Payment Data
We do not store credit or debit card details. Payments are processed through secure third-party payment gateways.
Communication Data
When you contact us via the contact form or email, we collect your name and email address.
Usage Data
Information related to how you use our website (e.g. pages visited, products viewed, time spent). These are collected via cookies. For more information, please refer to our Cookie Policy.
Purposes of Processing and Legal Basis
We process your personal data for the following purposes and on the corresponding legal bases:
Order Processing and Fulfillment
Purpose: Managing, processing, and fulfilling your orders, shipping products, managing payments, and issuing refunds.
Legal Basis: Performance of a contract to which you are a party.
Customer Account Management
Purpose: Creation and management of your account, order history, and saved addresses.
Legal Basis: Performance of a contract and our legitimate interest in providing a personalized user experience.
Communication
Purpose: Responding to inquiries, comments, or requests submitted via the contact form or email.
Legal Basis: Our legitimate interest in effective communication and customer support, as well as your consent when submitting a request.
Marketing Activities (Newsletter / Coupons)
Purpose: Sending newsletters, offers, or promotional material related to our products and services.
Legal Basis: Your consent, which you may withdraw at any time.
Website Improvement & Analytics
Purpose: Analyzing website usage to improve our services, website functionality, and personalize the shopping experience.
Legal Basis: Our legitimate interest in improving our website and services, and in some cases, your consent (for analytics and marketing cookies).
Legal Obligations
Purpose: Compliance with tax, accounting, and legal obligations, court decisions, or requests from public authorities.
Legal Basis: Compliance with a legal obligation.
Data Recipients
Your personal data are never disclosed to third parties for their own purposes. However, for the completion of your purchases and the provision of our services, your data may be shared with:
- Courier and shipping companies, for product delivery
- Payment service providers (e.g. banks, Stripe, PayPal)
- Accounting and tax service providers
- Website hosting providers
- Data analytics providers (e.g. Google Analytics)
- Email marketing service providers (if applicable)
- Advertising service providers (e.g. Google Ads, Facebook Ads), where applicable
All partners act as data processors on our behalf and are contractually bound to comply with strict data protection standards.
Additionally, personal data may be disclosed to public authorities where required by law.
Data Retention Period
We retain personal data only for as long as necessary to fulfill the purposes for which they were collected and to comply with legal obligations.
- Order / Customer Data: Retained for the period required by tax legislation (e.g. up to 10 years) and for warranty or return purposes.
- Account Data: Retained for as long as your account remains active.
- Communication Data: Retained for as long as necessary to handle your request and for a reasonable period thereafter.
- Newsletter Data: Retained until you withdraw your consent.
- Cookie Data: Please refer to the Cookie Policy for cookie duration details.
Your Rights
In accordance with the GDPR, you have the following rights:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
To exercise any of the above rights, please contact us using the details provided below.
Data Security
Your data are collected and stored in compliance with GDPR (EU) 2016/679 and applicable Greek and European legislation. We implement all necessary technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include data encryption, firewalls, and strict access control policies.
Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA).
Contact
For any questions or clarifications regarding this Privacy Policy or the processing of your personal data, you may contact us using the contact details provided on our website.