Privacy Policy

01. OBJECTIVE

The company under the name, “CAI PHARMACEUTICALS PRIVATE CAPITAL COMPANY”, (hereinafter referred to as the “PCC”), headquartered in Athens, 10 Merlin Street, is committed to protecting the privacy of visitors to its website and takes its obligation to safeguard their personal data seriously. We will be transparent and honest about the data we collect and the purposes for which we collect it.

This policy includes and refers to the following:

  • Your personal data that we collect and process due to your relationship with us as a visitor and through the use of the website, as well as a potential customer of our online store (e-shop).
  • Where we obtain the data from
  • What we do with the data
  • How we store the data
  • To whom we transfer/disclose the data
  • How we address your data protection rights
  • How we comply with data protection regulations

All personal data is collected and processed in accordance with the personal data protection legislation of Greece and the European Union.

02. PERSONAL DATA WE COLLECT

Personal data refers to any information related to you that allows us to identify you, such as your name, contact details, payment information, and information related to your access to our website and electronic correspondence.

We may collect personal data from you when you contact us via the form available on the company’s website, when you participate in a competition or survey, or when you visit our online store (e-shop).

Specifically, we may collect the following categories of information:

a. Name, home and work address, email address, phone number, identification or passport details, credit/debit card information, or other payment details,

b. Information during the use of the website,

c. Communications exchanged with us or directed to us through letters, emails, chat, calls, and social networks,

d. Location, including the real-time geographical location of your computer or device via GPS, Bluetooth, and IP address, as well as Wi-Fi hotspot and cell tower locations, provided by users when you use location-based features and enable location services settings on your device and computer.

03. PURPOSES OF PROCESSING PERSONAL DATA - RETENTION

We process your personal data only when we have a legal basis to do so. The legal basis depends on the reasons for which we have collected and need to use your personal data.

Your data may be used for the following purposes:

a. Provision of requested products and services: We use your data to provide the services you request in connection with the products or services offered through our website.

b. Verification/Checking of credit cards or other payment methods: We use your payment information for accounting, billing, and verification purposes, as well as to detect or prevent any fraud incidents. The relevant data is automatically transferred to the secure banking environment and is protected by the respective Bank.

c. Administrative or legal purposes: We use your data for statistical and marketing analysis purposes, customer studies, or to handle a claim or dispute. Please note that we reserve the right to profile based on the data collected from you. Any profiling activities will be conducted without your prior consent only if all reasonable efforts have been made to ensure the accuracy of the data used. By providing any personal data, you explicitly consent to the possibility of profiling in accordance with this Privacy Policy.

d. Marketing: From time to time, we may contact you electronically to provide you with information about our offers and products. You will have the option to receive or not such communications depending on whether you subscribe to our newsletter. Furthermore, in each electronic communication, you will have the opportunity to indicate that you no longer wish to receive direct marketing material.

In most cases, we need to process your personal data to fulfill your order for our products or to contact you for promotional purposes.

Additionally, we may process your personal data for the following reasons:

- To comply with a legal obligation (e.g., for tax and accounting purposes).

- Because you have given us your consent to use your personal data.

Only individuals aged 15 years and above can provide their own consent. For children below this age, parental or legal guardian consent is required.

We do not retain your data for longer than is necessary to fulfill the purpose for which it is processed. To determine the appropriate retention period, we consider the quantity, nature, and sensitivity of personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.

We also take into account the time periods for which we may need to retain personal data to fulfill legal obligations, respond to complaints/queries, and protect our legal rights in case of a claim.

This period is defined as ten (10) years for data collected in relation to the process and execution of orders in our online store (e-shop).

Additionally, we will retain your personal data for the promotion of our products unless you decide to request its deletion.

When we no longer need your personal data, we delete or destroy it securely. We also consider whether and how we can minimize the personal data we use over time and whether we can retain it anonymously so that it can no longer be associated with or identify you. In such cases, we may use it without further notice.

04. PERSONAL DATA SECURITY

We follow strict security procedures when storing and disclosing your personal data, as well as to protect it from accidental loss, destruction, or damage. The data you provide us is safeguarded in accordance with our company's security policy.

We may disclose your data to trusted third parties for the purposes outlined in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data in compliance with Greek and EU data protection legislation.

05. SHARING OF PERSONAL DATA

We may share your personal data with the following third parties for the purposes outlined in this Privacy Policy:

a. Trusted service providers we work with to conduct our business operations, such as providers managing our website services.

b. Banks to which credit and debit card details are transmitted to facilitate your payments to us and to monitor fraud incidents. These banks may require information about your payment method to process transactions or ensure the security of your payment.

c. Legal and other professional advisors, courts, and law enforcement agencies in all countries where we operate, to enforce our legal rights arising from our agreement with you.

d. Social networks: Through our website and application, or prior to visiting our website and application, you may access third-party social networks. When registered with your social media account, we will receive the personal data you choose to share with us through these social networks in accordance with their privacy settings, to enhance and personalize your experience on our website or application. We may use social media links on our website or application. This will result in your data being shared with your social media provider and potentially displayed on your social media profile and accessible to others in your network. Please refer to the privacy statement of these third-party social media providers to learn more about their practices.

We understand the importance of taking additional precautions to protect children's privacy and security. Therefore, children under the age of 15 will not be allowed to place any orders from our online store.

When the processing of personal data is based on your consent, you have the option to withdraw your consent for processing or request the deletion of your personal data at any time. You can do this by submitting a request through our website or via email services (see the section RIGHTS REGARDING PERSONAL DATA PROTECTION below).

06. RIGHTS RELATED TO PERSONAL DATA PROTECTION

Under certain circumstances and by law, you have the right to:

  • Be informed whether we hold your personal data and, if so, what data we hold and why we hold/use it.
  • Request access to your personal data (commonly referred to as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). You can delete such personal data when its use is based on your consent.
  • Object to the processing of your personal data where we rely on a legitimate interest (or those of a third party), and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Object to automated decision-making, including profiling, that should not be subject to automated decision-making using your personal data or profile.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to you or another party (commonly known as the right to "data portability") in a structured electronic format. This enables you to receive your data from us in a format that is electronically usable and to transfer your data to another party in such a format.
  • Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will cease processing your information for the purpose(s) you originally agreed to unless we have another legal basis to do so lawfully.

If you wish to exercise any of these rights, we have developed an online form to make exercising your rights simple and effective - click here.

We have also added new tools to your account, giving you the ability to directly change the personal data you have provided there.

This policy should help you better understand how we use your personal information. It explains in detail the types of personal information we collect, how we use it, and to whom we may disclose it. If you have further questions about this policy or how we handle your personal data, which are not answered here or through our online form, please contact us at info@cai.gr.

Please note that requests for data access, deletion, etc., are reviewed through the form mentioned above (click here). Such requests cannot be processed via email due to their volume and the need to verify your identity before we can act on your request. This is another critical security measure to ensure personal data is not disclosed to anyone who does not have the right to receive it.

You will not need to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your access request is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in such cases.

Furthermore, to the extent you have this right, you are entitled to file a complaint directly with the relevant supervisory authority (Hellenic Data Protection Authority, dpa.gr).

07. CHANGES TO THE PRIVACY POLICY

The Privacy Policy may change from time to time, and any updates to the privacy statement will be communicated to you via a notification on our website.