Welcome to potopoliolatsia.com (hereinafter referred to as “Website”).
The Website is owned and operated by Enfiali as Data Controller (hereinafter referred to as “Data Controller”). We are committed to protecting your personally identifiable information (“Personal Data”). This statement governs our privacy policies with respect to those users of the Website who visit without transacting purchase and persons who register to purchase through the Website.
The Enfiali online shop (“Webshop”) forms part of the Website that is available under the domain name of potopoliolatsia.com.
Data Controller acknowledges to be legally bound by the content of the present legal Privacy Policy (“Policy”).
We keep this Policy under review and we may modify it from time to time without any prior notice. You as data subject (“Data Subject”) should review our Policy on our Website periodically.
Please read this statement carefully. By using the Website or by placing order for Products through the Webshop you acknowledge the content of this Policy and agree to be bound by all of the terms. The consent to each processing of Personal Data shall be given by you, either by using or registering on the Website or by providing freely the personal data in question.
Personal Data refers to any information that identifies or can be used to identify, contact or locate the person to whom such information pertains. This does not include information that is collected anonymously and not connected to an identified individual.
Our services provided by the Webshop are available on the Website, such as the delivery of spirits, alcoholic beverages and glassware accessories.
Only persons of legal capacity aged 18 or more allowed visit and purchase on the Website. You shall be liable for the compliance of your activities. We shall take all necessary steps in order to filter out any processing of Personal Data of persons below the age of 18 years.
Data Controller’s principles of data processing are in accordance with legal provisions in force relating to data protection, including but not limited to:
- Regulation (EU) 2016/679 of the European Parliament and of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); /The GDPR applies as of 25 May 2018/;
- National Data Protection law adopted for the effective implementation of provisions of the GDPR in Cyprus:
- Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data (Law No. 125/I//2018) The law was.
We shall keep confidential and secure all personal data and shall carry out all the necessary developments and modifications, depending on changes in the legal and technical framework.
I. DATA CONTROLLER (contact details)
Company Name: Pemanimi LTD
Registered Seat: 117, Arch. Makariou str., 2224 Latsia, Cyprus
Phone: +357 22486230
Company Registration Number: ΗΕ452878
EU VAT Number: 60033169Ζ
E-mail: enfialistore@gmail.com
II. DEFINITIONS (terms used in this policy)
- “Data Subject” / “You”: a natural person identified or identifiable on the basis of any information about whom Data Controller holds personal data. Regarding this Privacy Policy in particular the Visitor, Customer, User;
- “Data Controller”: determines the purposes and means of the processing of Personal Data (when, why and how to process) and implements appropriate technical and organizational measures to comply with the Law. Data Controller maintains, updates the record of processing activities and makes the accurate record available to the Commissioner on request and cooperate with the Commissioner;
- “Personal Data”: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, address, phone number, e-mail address, credit card information, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Data transfer”: means ensuring access to the data for a third party;
- “User”: any visitor of the Website; any person/consumer who places an order on the website;
- “Consent”: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- “Profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability behaviour, location or movements;
- “Data Process”: means performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
- “Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
- “Personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
- “Third Party”: a recipient of Personal Data. It means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- “Commissioner of Personal Data Protection”: who is appointed as the supervisory authority and responsible for monitoring the application of the GDPR and Article 19 of Data Protection Law of Cyprus and of other legislative measures relating to the processing of personal data.
III. PRINCIPLES AND SCOPE OF DATA PROCESSING
Data Controller shall record and process personal data lawfully, fairly and in a transparent manner in relation to you.
We shall process personal data only for specified, explicit and legitimate purposes.
The processed Personal Data shall be adequate, relevant and limited to what is necessary regarding the extent and duration of the processing.
Should the data provider not provide its own personal data, the data provider shall be obliged to obtain the customer’s consent.
- PERSONAL DATA OF VISITORS
- Scope of data processing: date and time of the visit, IP address of your computer at the time of visit (standard log info); browser type; details of visitor behaviour patterns and security through the use of cookies (we also maintain a Cookie Policy (EU)).
- Purposes of data processing: use of the Website, market research, analytics, monitoring of the functioning of services, customized services, prevention of any misuse.
- Period for which personal data are processed, time limit for erasure: within 60 days of viewing the Website.
- Legal basis of processing: consent freely given by you, Art. 6 (1) (a) of GDPR.
- REGISTRATION
- Scope of data processing: name, display name, e-mail address, password, phone number, date and time of registration, IP address of your computer at the time of registration, last login date.
- Purposes of data processing: identification of you, secure account login, communication, carrying out technical operations.
- Legal basis of data processing: consent freely given by you, Art. 6 (1) (a), as well as Art. 8 (1) of GDPR.
- Period for which personal data are processed, time limit for erasure: until your request for erasure.
- Identity of potential data controllers, recipients of personal data (entitled to access to personal data): personal data may be processed by Data Controller’s employees and affiliated agencies authorised thereto and acting on our behalf.
- ONLINE PURCHASE
- Scope of data processing: name, phone number, e-mail address, billing data and shipping data (name, country, ZIP/post code, city, street, house number), tax number, EU VAT number (optional), amount of transaction, bank account number (in the case of direct bank transfer or refunds provided by the customer),
- Purposes of data processing: identification of you, performance of purchase, issuing invoices in accordance with the applicable rules, confirmation, more effective consultation on questions relating to purchases and invoicing, enforcement of claims, carrying out technical operations.
- Period for which personal data are processed, time limit for erasure: we shall use any data related to the performance of the contract concluded by electronic means for purposes related to the contract, and we shall erase and destruct them when the contract is terminated or upon expiration of the time limit set by law. Accounting documents, as well as documents underlying them shall be stored in accordance with the provisions of Cyprus Tax Laws.
- Legal basis of data processing: the processing of personal data is necessary for the performance of the contract under Art. 6 (1) (b) of GDPR.
- NEWSLETTER
We enable you to subscribe to a newsletter on the Website. Observing the provisions of the present Policy, you can thereby give consent to receive promotional material and other messages (newsletter) from us at the contact data disclosed when registering, as well as to the processing of his/her personal data necessary for sending advertising materials. We shall not send unsolicited advertising messages.In case of newsletters, we shall process the personal data disclosed by you when subscribing to the newsletter until you unsubscribe from the newsletter by clicking on the “Unsubscribe” button available at the bottom of the newsletter message, or requests by mail or by e-mail – without any restriction or obligation to give reasons – to be deleted from the subscribers’ list. In case of unsubscribing, we shall not send any more newsletter or offer to you. You may unsubscribe from the newsletter and withdraw his or her consent at any time contacted by us.- Scope of data processing: name, e-mail address, date and time of subscribing, IP address at the time of subscribing.
- Purpose of data processing: identification of you, enabling users to subscribe to the newsletter, sending newsletters, carrying out technical operations, sending messages electronically to you, including advertisements, communicating current information on programmes.
- Period for which personal data are processed, time limit for erasure: the processing of data shall be terminated upon withdrawal of consent, i.e. upon unsubscribing. Data Controller shall notify you electronically on the unsubscribing and your deletion from the newsletter mailing list.
- Legal basis of processing: consent freely given by you, Art. 6 (1) (a) of GDPR.
- COMMUNICATION WITH CUSTOMERS
Should you have any question when using our services, you can contact us by using the contact data indicated above and by filling the “Contact Us” form on the Website.Data Controller shall delete all messages received, together with the sender’s name, e-mail address, phone number, date and time and other personal data disclosed in the message, at the latest after 1 years counted from providing of such data.
IV. DATA PROCESSORS ASSIGNED
Data Controller shall be entitled to assign Data Processors in relation to its activities.
When we enter into agreement with a Third Party that requires your personal data to be processed, we enter into processing agreement with that party in order to ensure that they process the Personal Data according to our instructions and to implement the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized use, collection, access, loss or disclosure.
Legal basis of the data processing mentioned hereunder: consent freely given by you, Art. 6 (1) (a) of GDPR.
Activities pursued by Data Processors: hosting services, monitoring, marketing activities, technical updating, IT security system and other developments, repair services, performing purchases/orders, online payment, invoicing, settling accounts.
Period for which personal data are processed, time limit for erasure: until the agreement concluded by and between Data Controller and the Data Processor mentioned at this point terminates or until you send a request for erasure to the Data Processor.
V. ONLINE PAYMENT MANAGEMENT
Online payment transactions are handled by our Payment Service Provider as an independent Data Controller: Wallee Group AG
Information on Wallee Group AG’s data management is available at this link.
Legal basis of the data processing: performance of the contract, Art. 6 (1) (b) of GDPR, as well as Nick’s Bottle Shop Ltd’s legitimate interest according to Art. 6 (1) f) of GDPR.
VI. TRANSFERRING PERSONAL DATA
We generally do not transfer/disclose your Personal Data to any Third Parties or countries outside Cyprus, other than the above-mentioned unless is required or/and mandatory under the provisions of any legislation, regulation or upon governmental, supervisory, competent authority request.
VII. COOKIES, TECHNICAL DATA
Our Website uses cookie technology. Cookies/technical data are data related to the computer used by the User when logging in which are generated in the course of using the services and are recorded by our system as an automatic result of technical processes, including but not limited to the date and time of visits, the IP address of the User’s computer and the type of its web browser.
The primary purpose for collection of data from users to our Website is to allow us to provide a smooth efficient experience while using our site.
Cookies serve the following purposes in particular:
- Secure cookies;
- Temporary (session) cookies: these files are deleted automatically after the User’s visit. These cookies serve the secure and effective operation of our Website, i.e. they are essential for the proper operation of certain applications, as well as certain functions of the Website;
- Persistent cookies: these files are stored for a longer period by the web browser. The exact period depends on the settings applied by the User in his or her web browser.
Remote servers may help the independent measurement and auditing of data relating to the frequency of visits to the Website and of web analytics data (web analytics services: Google Analytics software). Information on the processing of measurement data is provided by the policies applying to such services. It is available here.
If you wish to deny the use and saving of cookies from this Website on to your computer hard drive, you should take steps within your web browsers security settings to block cookies.
We also maintain a Cookie Policy about the Types of Cookies.
VIII. LINKS TO THIRD PARTY SITES
Any Linked Sites on our Website are not under Nick’s Bottle Shop Ltd’s control and we are not responsible for the contents of any Linked Site. Nick’s Bottle Shop Ltd is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Nick’s Bottle Shop Ltd of the site or any association with its operators. You are responsible for viewing and abiding by the privacy statements and terms of use posted at the Linked Sites.
IX. COMMUNICATION OF A PERSONAL DATA BREACH TO THE USER
Data Controller shall communicate, in clear and plain language, the personal data breach to the User without undue delay, if the personal data breach is likely to result in high risk to the rights and freedoms of the User(s).
In the communication addressed to the User, Data Controller shall describe the nature of the personal data breach, the contact point where more information can be obtained, the likely consequences of the personal data breach, as well as the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The communication to the User shall not be required if any conditions of Art 34 (3) GDPR are met.
X. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
You have the following privacy rights, which may be exercised via the e-mail address at finespiritscyprus@gmail.com.
- Right to access
Request access to your Personal Data, this enables you to receive a copy of your Personal Data that we hold about you. - Right to rectification
Request to correct or update any of your inaccurate Personal Data which we hold concerning you. - Right to erasure
Request to delete your Personal Data. However, we may need to retain certain information for legal or administrative purposes, such as record keeping and detect fraudulent activities. - Right to be forgotten
In the case that Data Controller has made the personal data public and is obliged to erase the personal data, Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. - Right to restrict the processing
User shall be entitled to obtain from Data Controller restriction of processing where one of the conditions applies of Art. 18 (1) of GDPR. - Right to data portability
You shall be entitled to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another party. - Right to object
You have the right to object to the collection and use of your Personal Data. - Right to revoke consent
Any person affected by the processing of personal data may withdraw his/her consent at any time. In this case, the revocation must be sent in writing or by e-mail to us. - Information request
You are entitled to request information at any time from Data Controller relating to the processing of your personal data. You may request access to, erasure or alteration of personal data, as well as restriction of the processing of personal data, portability of data all inform you in writing about the measures taken upon the above requests, without undue delay but at the latest within 30 days counted from the receipt of the request.
XI. POSSIBILITIES OF ENFORCING RIGHTS
- You may send any observation relating to the processing of personal data concerning you to Data Controller.
- You have the right to lodge a complaint about the use of your Personal Data by contacting the Office of the Commissioner for Personal Data Protection in Cyprus at the contact details below:
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus
Telephone number: +357 22 818 456
Fax: +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy - If your rights have been infringed, you may file a lawsuit against Data Controller.
- If you have disclosed the personal data of a third person when registering in order to use the services or has caused damage in any way when using the Website, Data Controller shall be entitled to claim for damages against you. In such cases, Data Controller shall take all necessary measures to provide assistance to the proceeding authorities in order to identify the infringer.