top of page
  • Black Facebook Icon
  • Black Instagram Icon

Privacy Policy

1. DATA CONTROLLER

The owner of this website, https://proofofconcept.gr/, is the enterprise under the name "ΚΟΙΝΩΝΙΚΗ ΣΥΝΕΤΑΙΡΙΣΤΙΚΗ ΕΠΙΧΕΙΡΗΣΗ ΣΥΛΛΟΓΙΚΗΣ ΚΑΙ ΚΟΙΝΩΝΙΚΗΣ ΩΦΕΛΕΙΑΣ Συνεταιρισμός Ανεξάρτητων Καλλιτεχνών και Σχεδιαστών" Independent Artists and Designers Coop  (hereinafter also referred to as "We" or "The Enterprise").

 

Contact Information

Address: 9 Lykourgou Str., Athens, P.C. 105 51

Telephone: +30 213 0884403 (Contact hours: Monday–Friday, 09:00–17:00)

Email: info@proofofconcept.gr

 

Through this document, and based on the principle of transparency regarding the processing of personal data, we aim to explain all the circumstances under which we may process your personal data during your navigation on our website. This includes the types of data we collect, the source and purpose of their collection and processing, any recipients thereof, their retention period, as well as your rights concerning your data as website users and how you may exercise them.

 

 

2. LEGISLATIVE FRAMEWORK


The applicable legal provisions for the protection of your personal data are the European Regulation (EU) 2016/679 (hereinafter "GDPR"), the Greek Law 4624/2019, and other relevant provisions of Greek legislation on the protection of personal data, as currently in force, in conjunction with the Decisions and Directives of the Hellenic Data Protection Authority.

 

3. TYPES OF DATA WE (MAY) COLLECT


In this context, it is necessary to make a crucial distinction: there are certain personal data collected automatically—which is inherent to the functioning of the internet and occurs on any website you visit—and data that you provide to us with your consent.

Data Collected Automatically


Upon visiting our website, our server records:

Your IP address: Used for security and fraud prevention. It is noted that although your IP address constitutes personal data, we cannot identify you solely based on this element.

Log files: These record connection details, date and time of connection, browser type, and status, used for technical support and security.

Navigation data / visited pages: Used for analytics, website improvement, and statistical purposes.

Data Provided Voluntarily


These are personal data that you provide to us at your own discretion and solely if you wish to do so. Specifically:

Contact Form: In order for you to contact us via the Contact Form, we must collect basic identification data (full name) and contact details (email and telephone).

User Account Creation: To create your personal account, you will need to enter your email and password. User passwords are securely stored via encryption/hashing, rendering them unreadable to third parties. Furthermore, in the event of purchases, an order history is retained.

E-shop Data: Identification data (full name), contact details (address, email, telephone), order details, order history, wishlist (optional), and communication history via telephone, email, or social media.

Social Media Data: We maintain official accounts on the following social media platforms:

  • Facebook

  • Instagram

  • YouTube

 

Note: If you choose to follow our aforementioned pages, we will collect and process certain data of yours (e.g., username and profile picture).

5. Data for Newsletters and Marketing: Email address.

 

 

4. CARD PAYMENTS


In the event of a card payment, the card details are entered directly into the secure environment of the payment provider and are neither stored nor rendered accessible by the Website. The payment provider acts as an independent data controller in accordance with its own privacy policy. The Enterprise receives only the strictly necessary information to confirm and complete the transaction (e.g., payment status, transaction amount).

 

 

5. SECURITY MEASURES - PRINCIPLE OF DATA MINIMIZATION

Our Enterprise collects only the strictly necessary data for each processing purpose.

The Enterprise implements all necessary technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or breach.

 

These include, but are not limited to:

  • Data encryption (such as user passwords and payment details).

  • Secure file and server storage.

  • Restricted access solely to authorized personnel.

  • Regular security audits and system updates.

  • Binding our partners with confidentiality agreements.

6. WITHDRAWAL OF CONSENT

In all the aforementioned cases, you retain the right at any time to request the cessation of the processing of your personal data, effective from the date of your request and for the future. Prior processing activities shall remain unaffected by the exercise of this right.

Specifically:

  • Regarding the Contact Form: You may request the deletion of your data by sending an email to info@proofofconcept.gr or via a message through the Contact Form.

  • Regarding your User Account: You have the right to delete it through the relevant account settings.

  • Regarding Social Media: You may withdraw your consent by unfollowing/unsubscribing from our official pages ("unlike, unfollow, unsubscribe").

  • Regarding Newsletters and Marketing: You may send an email to info@proofofconcept.gr.

7. PURPOSE AND LEGAL BASIS OF PROCESSING

Every processing of your personal data serves a specific purpose, of which you must be informed in advance, and this purpose must be lawful (legal basis of processing).

Specifically:

  • Contact Form Data: The purpose of processing is to communicate with you by responding to your messages; the legal basis is your consent (Art. 6(1)(a) GDPR).

  • User Account Data: The purpose of processing is the management of the user account, execution of transactions, customer service, and personalization (tailoring the e-shop experience to your preferences). The legal basis for the above is either the performance of a contract between us (Art. 6(1)(b) GDPR) or your consent (Art. 6(1)(a) GDPR).

  • E-shop Data: These are primarily used for the purpose of executing transactions between us (Art. 6(1)(b) GDPR). When used to tailor your online experience to your preferences (e.g., wishlist), the legal basis for processing is your consent (Art. 6(1)(a) GDPR).

  • Payment Data: The purpose is likewise the performance of the contract between us (Art. 6(1)(b) GDPR).

  • IP & Log Files Data: The purpose of collecting and processing your IP address and other data recorded in log files is to ensure the security of networks and information from accidental events or malicious actions, as well as for the establishment, exercise, or defense of legal claims. The lawful basis for the above is both our legitimate interest in maintaining network and information security or establishing our legal claims (Art. 6(1)(f) GDPR), as well as our legal obligation to concurrently safeguard said security or provide requested information to police/judicial authorities.

  • Social Media Data: The purpose of processing is to communicate with you, respond to messages you send us, or promote our services to you. In any case, the legal basis for the above is the consent (Art. 6(1)(a) GDPR) you provide by interacting with our aforementioned official pages (like, follow, subscribe).

  • Newsletter/Marketing Data: The legal basis for processing is your consent (Art. 6(1)(a) GDPR).

 

The above are outlined as follows:

8. COOKIE POLICY

Regarding the data collected via cookie files, please refer to the detailed information provided here 

9. RECIPIENTS / DATA PROCESSORS

As a general rule, we do not transfer your data to third parties. By way of exception, a transfer may take place:

a. To payment providers utilized on our website, such as Klarna, Stripe, and PayPal. Your personal data required for the execution of the transaction (e.g., payment details, name, email) are transferred to them for the purpose of completing the payment. Said providers maintain security measures in accordance with the applicable data protection standards.

 

b. To our partners who provide web hosting and technical support services. These partners act as data processors on our behalf and are bound by contractual confidentiality and data protection clauses in accordance with Article 28 of the GDPR.

 

c. To police/judicial authorities for the investigation of a case or for the establishment, exercise, or defense of legal claims.

In these instances, all necessary measures have been taken to safeguard the confidentiality, integrity, and availability of your personal data.

10. INTERNATIONAL DATA TRANSFERS

In the event of a payment via Klarna, Stripe, and PayPal, your personal data may be transferred outside the EU/EEA, and all prescribed measures for their protection are maintained. In the event of a transfer outside the EU/EEA, the implementation of appropriate safeguards is ensured, such as the Standard Contractual Clauses (SCCs) of the European Commission.

 

11. DATA RETENTION PERIOD

Your personal data is retained for as long as strictly necessary for the provision of our services, the exercise of our legitimate rights, or the fulfillment of our legal obligations. Specifically:

12. DISCLAIMER (SOCIAL MEDIA AND HYPERLINKS TO THIRD-PARTY WEBSITES)

Our Enterprise bears no responsibility for the manner in which social media platforms process your personal data, as they operate as independent data controllers. You may inform yourself about how they handle your data through their respective Privacy Policies.

Furthermore, in the event that our website contains links to third-party websites (hyperlinks) and you activate them, you may be granting third parties the right to collect data about you. In such cases, we do not control said third-party websites and are not responsible for their personal data handling practices. For this reason, we strongly encourage you to review their own Privacy Policies prior to using their websites.

13. MINORS' DATA

We do not knowingly collect any information from any person under the age of 15. If you are under 15 years of age, do not use or provide information on this website, and do not provide any information about yourself to us, except with the consent of the persons exercising parental responsibility over you. Should we ascertain that we have collected or received personal data from a child under the age of 15, we shall delete such information. If you believe we might hold information from or about a child under 15 years of age, please contact us.

14. AUTOMATED DECISION-MAKING AND PROFILING

The Enterprise does not make decisions based solely on automated processing, including profiling, which produce legal effects concerning or similarly significantly affecting the data subjects, within the meaning of Article 22 of the GDPR. Limited automated processing may occur for the purposes of improving user experience and displaying relevant products, without producing legal or significant effects.

15. YOUR RIGHTS

As customers of the Enterprise, you possess a set of rights, pursuant to the provisions of Articles 15-22 of the GDPR, regarding your personal data processed by our Enterprise.

Should you wish to exercise any of your rights, please address and submit your request to our email address at [info@proofofconcept.gr] or in writing to our postal address: 9 Lykourgou Str., Athens, P.C. 105 51 . We note that in the event of reasonable doubts concerning the identity of the data subject, we may request the provision of additional information necessary to confirm said identity.

Depending on the lawful basis for data processing and the specific conditions stipulated by law, you possess the following rights:

It should be noted that the Enterprise reserves the right in all cases to partially or fully refuse the satisfaction of your request for the restriction of processing or the erasure of your data, if the processing or retention of your personal data is necessary for the establishment, exercise, or defense of its legal claims, or for compliance with its legal obligations.

The Enterprise is obliged to respond to your request within one month of its receipt. Said deadline may be extended by two further months where necessary, at the Enterprise's discretion, taking into account the complexity and number of the requests. In such an event, the Enterprise shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the Enterprise does not take action on your request concerning the exercise of the aforementioned rights, or if, following its response, you consider that your aforementioned rights have been infringed, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): 1-3 Kifissias Ave., P.C. 115 23, Athens, https://www.dpa.gr/, tel. (+30) 210 6475600.

bottom of page