This document constitutes the Privacy Policy for the websites www.weadoremuseums.gr and weadoremuseums.com of the company “WE ADORE MUSEUMS SINGLE MEMBER P.C.,” which, as the Data Controller, collects, stores, uses, and generally processes personal data when you visit or use its websites. The Company acknowledges and prioritizes compliance with the General Data Protection Regulation (GDPR) 2016/679 and Greek Law 4624/2019 to the extent that it is compatible with GDPR and relevant national and EU law. To this end, all necessary measures have been taken, including the drafting and provision of this Privacy Policy.

1. Data Controller

The entity responsible for the processing of personal data collected from the websites www.weadoremuseums.gr and weadoremuseums.com is “WE ADORE MUSEUMS SINGLE MEMBER P.C.” with the trade name “WE ADORE MUSEUMS” (hereinafter “the Company”). The Company is registered under VAT number 802007416, under the jurisdiction of the IB Tax Office of Athens, and is located at 5 Numfaiou Street, Athens, Postal Code 11528, Greece. The contact number is +30 6981800835, and the email address is info@weadoremuseums.gr.

2. What are personal data?

The term “personal data” refers to information relating to natural persons, such as name, postal address, email address, telephone number, etc., which identifies or can identify a specific natural person (the “data subject”).

3. What is the processing of personal data?

The processing of personal data involves any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as: collection, entry, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

4. Which Personal Data do we collect, for what purpose, and on what legal basis?

During your visit, navigation, and use of our websites, the Company collects only the absolutely necessary Personal Data that is appropriate and relevant for the intended purpose and only when there is a specific legal basis for their processing as detailed below:

Purpose of Processing: Account Creation and Operation
Category of Data: Identity Data
Types of Data: Name, surname, address, email, password, selected and customized products, order history, shipping address
Legal Basis for Processing: The processing is based on the explicit consent of the data subject (Article 6(1)(a) GDPR).

Purpose of Processing: Product Invoicing
Category of Data: Contact Details
Types of Data: Name, surname, company, VAT number, shipping address, billing address, contact phone number
Legal Basis for Processing: The processing is necessary for compliance with a legal obligation of the controller (Article 6(1)(c) GDPR), specifically pursuant to tax legislation.

Purpose of Processing: Product Shipping
Category of Data: Identity Data, Contact Details
Types of Data: Name, surname, company, shipping address, contact phone number
Legal Basis for Processing: The processing is necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR).

Purpose of Processing: Communication through Contact Form
Category of Data: Contact Details
Types of Data: Name, email, message content
Legal Basis for Processing: The processing is based on the explicit consent of the data subject (Article 6(1)(a) GDPR). Specifically, for the contact form, your consent is provided by completing the form and submitting its content. Regarding the email address info@weadoremuseums.gr, your consent is given by sending your message through email.

Additionally, on the websites weadoremuseums.gr and weadoremuseums.com, cookies are used to collect the necessary personal data for better functionality, only with your consent when required, and in accordance with the Cookie Policy, which is available for review.

5. Recipients of Personal Data

In fulfilling the contractual and legal obligations of our company, and in cases where the company has received your consent, recipients of the data may include only authorized employees of the company and third-party collaborators, who through contracts with the company are bound to adhere to this policy, particularly regarding the prohibition against copying, sharing, destroying, and altering such data.

The data recipients fall into the following categories, depending on the services we are obliged to provide to you:

1. External collaborators of the company who process data on our behalf in accordance with personal data protection legislation (e.g., external accountant, courier company, etc.).

2. Service Providers who provide Web Hosting (DNHost), Email Hosting (Google), and Newsletter Services (Google Groups), if you have subscribed to these services, may have access to your data as necessary. These companies store your data under appropriate confidentiality obligations, and their services are provided in a secure environment. Specifically for the newsletter service, Google Groups collects your email address, region of residence, and the content of the informational material sent to you. Your email address will be deleted six months after the cessation of sending our promotional material. Our websites also use Tidio, a messaging platform that connects users with our customer service. We collect personal data with your consent to initiate communication, such as user account details, IP address, and message content. The messages and data exchanged are stored in Tidio’s application. For more details, refer to their Privacy Policy. Our company does not use these messages or data for purposes other than responding to user inquiries. In all cases, your personal data is processed and transmitted in compliance with the General Data Protection Regulation (GDPR).

3. Public authorities (e.g., Tax Office, Independent Authority for Public Revenue, Ministries) for compliance with legislation, court orders, instructions, requests, or decisions. They may receive data as required by law, ensuring compliance with regulatory and legal requirements.

4. Regarding payments for our products, these are conducted through a secure environment of a cooperating financial institution. We use a third-party payment service to enable you to purchase a product or make payments (“Payment Service”). If you wish to purchase a product, you will be redirected to a Payment Service website. Any information you provide is subject to the Payment Service’s privacy policy and not this Privacy Policy. We have no control over and are not responsible for any use by the Payment Service of information collected through any Payment Service.

Specifically, all electronic transactions conducted through our online store are carried out using a card with complete internet security and are processed via the “Nexi e-Commerce” electronic payment platform of Alpha Bank.

6. Retention of Personal Data

Your Personal Data is retained only for the duration necessary to fulfill the purpose for which you have provided it to us, in accordance with applicable laws, unless an extension is required due to legal claims or our legal obligations.

Purpose of Processing: Creation and operation of an account
Data Retention Period: Until the deletion of the account or its individual components.

Purpose of Processing: Product invoicing
Data Retention Period: In accordance with applicable tax legislation.

Purpose of Processing: Communication via the contact form
Data Retention Period: 6 months from the date of communication or the resolution of the request.

7. Children's Personal Data

Our services through the website, as well as the websites themselves, are not directed at children under the age of majority. Our company does not knowingly collect information or personal data from children. If we become aware that we are processing information from a child under the age of 18 without valid consent from a parent or guardian, we will delete the relevant data.

8. Personal Data Security

To protect your Personal Data, the Company has implemented the necessary technical and organizational measures to prevent the risk of loss, misuse, unauthorized access, and disclosure of your personal information.

9. What are your rights?

According to the General Data Protection Regulation (GDPR), you have the right to submit the following requests:

A. Right to Information (Article 15 GDPR): This request provides specific information regarding whether the Company processes your personal data, the type of data, the purpose and legal basis for processing, details of third parties to whom the data is disclosed, and the criteria that determine the retention period for these data.

B. Right to Rectification (Article 16 GDPR): Through this request, you can correct incorrect and/or complete missing personal data concerning you.

C. Right to Erasure (Article 17 GDPR): This request allows for the deletion of your personal data that is not necessary, subject to the retention of data to the extent required by applicable law.

D. Right to Data Portability (Article 20(1) GDPR): This request allows for the delivery of your personal data that the Company has at its disposal to you in a comprehensible format, subject to the retention of original health data to the extent required by applicable law.

E. Right to Data Transfer (Article 20(2) GDPR): Through this request, the Company will transfer your personal data to third parties according to your will, in a format that can be processed for the purpose for which the transfer was made, subject to the retention of original data to the extent required by applicable law.

F. Right to Restriction of Processing (Article 18 GDPR): This request restricts the personal data that has been collected or the processing to which they are subjected when not in accordance with the principles of lawful processing and data minimization as required by the GDPR.

10. When do we respond to your requests?

The Company responds to your requests free of charge and without delay, and in any case within one (1) month from the date of receipt of your request. However, if your request is complex or there is a large number of requests, we will inform you within the month if an extension of another two (2) months is needed within which we will respond.

If your requests are clearly unfounded or excessive, especially due to their repetitive nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or refuse to comply with the request, justifying the response to you.

In case you do not receive a response within the above-mentioned period or the response you received is not satisfactory or your issue has not been resolved, you can contact the Hellenic Data Protection Authority (“www.dpa.gr”).

11. Amendments to this Policy

If deemed necessary, we may make certain amendments to the information contained in this Privacy Policy. In such a case, we will notify you by all appropriate means so that you can become aware of, review, and evaluate the changes and, if you disagree and are receiving the Center’s services, withdraw your consent to the processing of your personal data. In any case, you are encouraged to check this Policy from time to time, as minor changes or the integration of interactive improvements may occur.

12. Contact

For any clarification regarding our Privacy Policy in relation to the management and processing of personal data, or for any observation regarding the processing of your personal data, and for any advice or assistance in submitting and fulfilling a request, you are encouraged to contact us via email at info@weadoremuseums.gr.

13. Supervising Authority

The competent supervisory body for submitting a complaint is the Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523, Athens, Tel: 210 6475600, Fax: 210 6475628, email: contact@dpa.gr).