Privacy Policy

Privacy Policy

Privacy Statement of CRAFT

 

Date of entry into force: July 2018

SCOPE OF THIS STATEMENT

 Please read this privacy statement ("Statement") carefully in order to understand our policies and practices regarding Personal Data and how we will process it.

This Statement applies to individuals who use CRAFT's services as consumers. This Statement explains how your Personal Data is collected, used and disclosed by CRAFT entities (referred to as "CRAFT" or, more generally, using the first person plural). It also explains how you can access and update your Personal Data and how you can make certain choices about how it is used.

This Statement covers our online and offline data collection activities, including activities involving Personal Data that we collect through various means, such as through websites, apps, third-party social media, Consumer Service Department, points of sale and events. It should be noted that we collect Personal Data from different sources (e.g. websites, through an offline event). In this context, we combine Personal Data originally collected by various CRAFT entities or CRAFT partners. See Article 9 for more information on how you can object to this type of processing.

If you do not provide us with some necessary Personal Data (we will point out the instances where this should be done, for example, by making it clear on our registration forms), we may not be able to provide you with our products and/or services. This Statement may be changed from time to time (see Article 11).

This Statement provides important information in the following areas:

  1. SOURCES OF PERSONAL DATA
  2. PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
  3. CHILDREN'S PERSONAL DATA
  4. COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS
  5. WAYS OF USING PERSONAL DATA
  6. DISCLOSURE OF PERSONAL DATA
  7. RETENTION OF PERSONAL DATA
  8. DISCLOSURE, STORAGE AND/OR TRANSMISSION OF PERSONAL DATA
  9. YOUR RIGHTS
  10. YOUR CHOICES ABOUT THE WAY WE USE AND DISCLOSE PERSONAL DATA
  11. CHANGES TO THIS DECLARATION
  12. DATA CONTROLLERS & DATA PROCESSORS CONTACT DETAILS
  13. SOURCES OF PERSONAL DATA

This Statement applies in relation to the Personal Data we collect from or about you by the methods described below (see Article 2), from the following sources:

CRAFT websites. Consumer-directed websites operated by/on behalf of CRAFT, including websites that we operate under our own domain names/URLs and mini-sites that we operate on third-party social media providers such as Facebook ("Websites").

CRAFT websites/apps for mobile devices. Websites or mobile applications directed to consumers and operated by/on behalf of CRAFT, such as smartphone applications.

E-mail, texts and other electronic messages. Interactions between you and CRAFT that take place through electronic means of communication.

CRAFT's Consumer Services Department (CES). Contact the Consumer Service Department (CES)

Non-electronic registration forms. Printed or digital registration forms and similar forms that we collect through, for example, postal mailings, in-store testimonials, contests and other promotions or events.

Interactions with advertisements. If you interact with one of our advertisements (e.g. an advertisement on a third party website) we may receive information about this action.

Data created by us. In the context of our interaction with each other, we may create Personal Data concerning you (e.g. a record of the purchases you have made from our website).

Data from other sources. Third-party social media providers (e.g., such as Facebook and Google) or market research (if feedback is not provided anonymously), third parties that collect data, CRAFT's partners for promotions, publicly accessible sources, and data we receive when we acquire other companies.

2. PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

Depending on how you interact with CRAFT (online or offline, by telephone, etc.), we collect different types of information from you, as described below.

Personal contact details. They include the information you provide us with that allows us to contact you, such as your full name, postal address, email address, social media contact details or telephone number.

Account login detailsThe information required to give you access to your specific account profile. For example, the login ID/login email address, username, password in unrecoverable form and/or security questions and answers.

Demographics and interests. Information that describes your demographic or behavioural characteristics. For example, your date of birth, age or age range, gender, your geographical location (e.g. postcode), your favourite products, hobbies and interests, and information about your household and lifestyle.

Information from the computer/mobile device. Information about the computer information system or other technology device you use to access one of our Websites or applications, such as the Internet Protocol (IP) address you use to connect your computer or device to the internet, the type of operating system, and the type and version of your browser. If you access a CRAFT website or application through a mobile device such as a smartphone, the information collected will also include, where permitted, your phone's unique device ID number, advertising ID, geographic location and other similar mobile device data.

Information on the use of the websites/ contact informationDuring your navigation and interaction with our Websites or our newsletters, we use automatic data collection technologies to collect certain information about your actions. This information includes the links you click on, the pages or content you view and for how long, as well as other similar information and statistics about your interactions, such as content response times, download errors and the duration of visits to certain pages. This information is collected through the use of automated technologies such as cookies and web beacons, as well as through the use of third party tracking systems for statistical or advertising purposes. You have the right to object to the use of these technologies and for more details you can refer to Article 4.

Market research and consumer reviews Any information you voluntarily disclose to us about your experience in relation to your use of our products and services.

Content produced by consumers. Any content you create and then share with us on third party social media or by uploading it to one of our Websites or applications, including the use of third party social media applications such as Facebook. For example, photos, videos, personal stories or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, such as contests and other promotions, online community activities, consumer loyalty data and third-party social media networking activities.

Information on third-party social media. Any information that you publicly share on a third party social networking site or information that forms part of your profile on a third party social networking site (such as Facebook) that you allow a third party social networking site to share with us. For example, basic account information (e.g., name, email address, gender, birthday, current city of residence, profile picture, user ID, friend list, etc.) and any other additional information or activities that you allow the third-party social media provider to share. We receive your profile information (or part of it) on third-party social media whenever you download or interact with a CRAFT web application on a third-party social media such as Facebook, whenever you use a social networking feature embedded on a CRAFT website (such as Facebook Connect) or whenever you interact with us through a third-party social media. To learn more about how your information from a third-party social media provider is acquired by CRAFT or to opt-out of sharing such information from social media, please visit the website of the relevant third-party social media provider.

Necessary data for making payments and other financial data. Any information we need to process an order or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiry date, etc.) or other forms of payment (if provided). In any case, we or our payment processing service provider handle the necessary data for making payments and other financial data in a manner that is consistent with applicable laws, regulations and security standards such as PCI DSS.

Calls to the Consumer Services Department (CES). Communications with CES will be recorded or made audible in accordance with applicable legislation for local operational needs (e.g. for quality or educational purposes). Payment card details are not recorded. Where required by law, you will be informed of this recording at the beginning of your call.

Sensitive Personal Data. We do not seek to collect or process sensitive personal data in the course of our day-to-day operations. If for any reason it becomes necessary for us to process sensitive personal data concerning you, we rely on your prior explicit consent for any processing operation, which is provided voluntarily (e.g. for marketing purposes). If we process sensitive personal data concerning you for other purposes, we use the following legal bases: i) crime prevention and detection (including fraud prevention); ii) compliance with applicable law (e.g. in compliance with the diversity report).

3. CHILDREN'S PERSONAL DATA

We do not knowingly solicit or collect personal data from children under the age of 16. If we find that we have inadvertently collected personal data of a child under the age of 16, we will immediately remove the personal data relating to that child from our records. However, CRAFT may collect personal data of children under 16 years of age directly from the parent or guardian and with their explicit consent.

4. LOG FILES AND WEB BEACONS

Log files. We collect information in the form of log files that record activity on the site and gather statistics about your browsing habits. These logs are made automatically and help us to correct errors, improve performance and maintain the security of our Websites.

Web beacons. Web beacons (also known as "web bugs") are small strings of code that provide a graphical image on a web page or in an email in order to transfer data to our company. Information collected through web beacons includes information such as your IP address and information about how you respond to an email marketing campaign (e.g. when you opened the email, which links you clicked on in the email, etc.). We will use web beacons on our Websites or include them in emails we send you. We use the information we collect from web beacons for a variety of purposes, including, but not limited to, tracking traffic to websites, counting unique visitors, for advertising purposes, for email monitoring and reporting, and for personalization purposes.

5. WAYS OF USING PERSONAL DATA

The following paragraphs describe the different purposes for which we collect and use your Personal Data and the different types of Personal Data collected for each purpose. It should be noted that not all of the modes of use listed below are relevant to every individual.

Why we use Personal Data

Our reasons

Our legitimate interests

Consumer serviceWe use Personal Data concerning you in the context of consumer service, for example to answer your questions. This usually requires the use of certain personal contact details and information about the reason for your query (e.g. order status, technical issue, product question/complaint, general question, etc.).

·         Fulfillment of contractual obligations

·         Legal obligations

·         Our legitimate interests

 

·         Improvement and development of new products and services

·         Increasing efficiency

 

Competitions, marketing and other promotional activitiesWith your consent (where required), we use your Personal Data to provide you with information about products and services (e.g. communications or marketing campaigns or activities). This can be done using means such as email, advertising, text messages (SMS), telephone calls and postal letters, to the extent permitted by applicable law. Some of our campaigns and promotions are carried out on third party websites and/or social media. This use of Personal Data is voluntary, which means that you can object or withdraw your consent to the processing of your Personal Data for these purposes. For more detailed information on how you can modify your communication preferences for marketing purposes, please see Articles 9 and 10 below. For more information about our competitions and other promotions, please refer to the official rules or the details accompanying each competition/promotion.

·         With your consent (where required)

·         Fulfillment of contractual obligations

·         Our legitimate interests

·         We identify which of our products and services may be of interest to you and inform you about them

·         We identify types of consumers for new products or services

Third-party social media: We use Personal Data about you when you interact with third-party social media features, such as "Like" features, to provide you with advertisements and to contact you on third-party social media. You can learn more about how these features work, the profile data we obtain about you, and how to opt out of these actions by reading the privacy statements of the respective third-party social media providers.

·         With your consent (where required)

·         Our legitimate interests

·         We identify which of our products and services may be of interest to you and inform you about them

·         We identify types of consumers for new products or services

Personalisation (online and offline). With your consent (where required), we use your Personal Data to (i) analyse your preferences and habits, (ii) anticipate your needs based on our analysis of your profile, (iii) improve and personalise your experience on our Sites and applications, (iv) ensure that the content on our Sites/Applications is optimized for you and for your computer or any other device; (v) provide you with targeted advertising and content; and (vi) allow you to participate in interactive features, at your option. For example, we remind you of your login ID/login email address or username so that you can quickly log in the next time you visit our site or so that you can easily retrieve items you have previously placed in your shopping cart. Based on this type of information and with your consent (where required), we also present you with specific content or CRAFT promotions tailored to your interests. The use of Personal Data is voluntary, which means that you can object to the processing of your Personal Data for this purpose. For more detailed information on how you can block these actions, see Article 10 below.

Order processing. We use Personal Data about you to process and ship your orders, to inform you about the status of your orders, to correct addresses and verify your identity, and for other activities in the context of fraud detection. In this context, we use certain Personal Data and information to process payments.

·         Fulfillment of contractual obligations

·         With your consent (as required)

·         Legal obligations

·         Our legitimate interests

 

·         Improvement and development of new products and services

·         Increasing efficiency

·         Protecting our network systems and staff

·         Compliance with legal obligations

 

Other general purposes (e.g. internal research, market research, analytics, security) In accordance with applicable law, we use Personal Data about you for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns. If you have CRAFT accounts, we reserve the right to consolidate them into a single account. We also use Personal Data for the management and operation of CRAFT's communication, IT and security systems.

Legal or merger/acquisition reasons. In the event that CRAFT or its assets are acquired or merged with another company for reasons including bankruptcy, we will disclose your Personal Data to our legal successors. We will also disclose your Personal Data to third parties (i) as required by applicable law, (ii) in the course of legal proceedings, (iii) to comply with a request made by a competent law enforcement agency, (iv) to protect the rights, privacy, safety or property of us or the public, or (v) to enforce the terms of a contract or the terms of our Website.

 

·         Compliance with legal obligations

·         Protecting our assets and staff

 

6. DISCLOSURE OF PERSONAL DATA

In addition to the CRAFT organisations listed in the section on data controllers and their contact details (see Article 12), we disclose your Personal Data to the following types of third party organisations:

Service providers. These are external companies that we use to help us in the processing of our business (e.g. order processing, payment processing, fraud detection and authentication, website operation, market research companies, support services, promotions, website development, data analysis, Consumer Service Department, etc.). Access and use of Personal Data by service providers and their selected personnel on our behalf is only permitted in relation to specific tasks they have been asked to perform under our instructions and they are required to keep Personal Data confidential and secure. If and when required by applicable law, you may obtain a list of service providers that process Personal Data concerning you (see Article 12 on Contacting Us).

Credit rating agencies/ debt collection agencies. To the extent permitted by applicable law, credit rating agencies and debt collection agencies are external companies that we use to help us check your creditworthiness (particularly in relation to orders for which an invoice is issued) or to collect unpaid invoices.

Third party companies that use Personal Data for the same marketing purposesExcept in cases where you provide your consent, we do not provide or sell Personal Data concerning you to third companies for their own marketing purposes. Their identity will be disclosed to you when your consent is requested.

Third party recipients using Personal Data for legal purposes or in the context of a merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of a merger or acquisition (see Article 5 for details).

7. RETENTION OF PERSONAL DATA

CRAFT takes all appropriate measures to ensure that Personal Data concerning you are processed only for the minimum period of time necessary in relation to the purposes described in this Privacy Statement. The criteria for determining the duration of the retention of your Personal Data are:

  1. a) CRAFT will keep copies of the Personal Data concerning you in a format that allows identification for as long as:
  1. i) We maintain an ongoing relationship with you (e.g. you are on our email list and have not unsubscribed)
  2. ii) Personal Data concerning you is necessary to fulfil the purposes described in the Privacy Statement and we have a valid lawful basis.
  1. b) The duration of: i) the applicable limitation period (e.g. the period of time during which an individual could bring a claim against us) and ii) an additional period of 2 months after the end of the limitation period (so that we can identify the Personal Data of the individual who may bring a claim at the end of the limitation period)
  2. c) In addition, in the event that relevant claims are made, we may continue to process your Personal Data for as long as necessary, based on the progress of the claims that have been made.

During the periods referred to in paragraph b) i) and b) ii) above, we will limit the processing of your Personal Data to the storage and maintenance of the security of such data, unless the data needs to be reviewed in relation to any claim or obligation arising from applicable law.

At the end of the period of time referred to in paragraphs a), b), c) above, as applicable each time, we will proceed either to permanent deletion or destruction of the relevant Personal Data or to their anonymization.

8. DISCLOSURE, STORAGE AND/OR TRANSMISSION OF PERSONAL DATA

We use appropriate measures (as described below) to keep your Personal Data confidential and secure. It should be noted, however, that these protections do not apply in relation to information you choose to share in public places, such as third-party social media.

Persons who may have access to Personal Data Personal Data concerning you will only be processed by our authorised staff or agents who need to know them, depending on the specific purposes for which they have been collected (e.g. our staff handling consumer service issues will have access to the consumer file concerning you).

Measures taken in operational environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorized access. We apply reasonable security standards to protect Personal Data. Unfortunately, the transmission of information over the Internet is not completely secure and although we will do our best to protect your Personal Data, we cannot guarantee the security of the data during transmission through our Websites and applications.

Measures we expect you to take. It is important that you play a role in keeping your Personal Data safe. When you proceed to register to create an online account, make sure that you choose a password to the account that will be difficult for others to guess and should never be revealed to any other person. You are responsible for keeping this password confidential and for every use of your account. If you share a computer or use a shared computer, never choose to be reminded of your identity/login email address or password, and make sure you are logged out of your account every time you leave the computer. You should also make use of the privacy settings or controls we provide on our Website/application.

Transmission of Personal Data. The storage and processing of Personal Data, as described above, ultimately implies the transfer/transmission and/or storage of your Personal Data to a destination outside your country of residence including countries that apply different data protection standards than those applicable in the EEA. We have (i) put in place standard contractual clauses, approved by the European Commission, for the protection of Personal Data (and you have the right to ask us for a copy of these clauses (by contacting us as set out below) and/or (ii) we will rely on your consent (as permitted by law).

Due to the international nature of our operations, we may also need to transfer your Personal Data to third parties, as referred to in Article 6 above, for the purposes described in this Privacy Statement. For this reason, we may transfer your Personal Data to other countries, which have different data protection laws and compliance requirements than those applicable in your country of residence.

9. YOUR RIGHTS

Access to Personal Data. You have the right to access, review and request a paper or electronic copy of the information we hold about you. You also have the right to request information about the origin of the Personal Data concerning you.

You can exercise these rights by sending us an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. or by writing to us at CRAFT S.A., 132 Lefkis Street, Kryoneri, 145 68, Greece and enclosing a copy of your identity card or similar information (in cases requested by us and permitted by law). If the request is made by another person and not by you, without providing evidence that the request was legitimately made on your behalf, the request will be rejected.

It should be noted that the identity information provided to us will only be processed in accordance with and to the extent permitted by applicable law.

Additional rights (e.g. modification, deletion of Personal Data). In accordance with applicable law, you may (i) request the deletion, portability, rectification or review of your Personal Data, (ii) restrict the use and disclosure of your Personal Data and (iii) withdraw your consent to any data processing activity of our company.

In accordance with applicable law, you may exercise the following additional rights regarding the use of your Personal Data concerning you:

  • the right to object, for reasons related to your particular situation, to the use of the Personal Data concerning you by/on behalf of CRAFT
  • the right to object to the processing of your Personal Data by/on behalf of CRAFT for direct marketing purposes,

It should be noted that, in some cases, it will be impossible for us to delete your Personal Data without deleting your user account at the same time. We may be required to retain certain Personal Data concerning you, even after you have requested its deletion, in order to comply with our legal or contractual obligations. We may also be able under applicable law to retain certain Personal Data relating to you for our business needs.

Where possible, our websites have a special function through which you can control and process the Personal Data you have provided. It should be noted that we require our registered consumers to verify their identity (e.g. login ID/login email address, password) before they can access or make changes to their account information. This prevents unauthorised access to your account.

We hope that with our answers we will be able to answer your questions about how we process Personal Data. However, if you are still concerned about unresolved issues, you have the right to lodge a complaint with the competent data protection authorities.

10. YOUR CHOICES ABOUT THE WAY WE USE AND DISCLOSE PERSONAL DATA

We try to offer you choices about the Personal Data you provide to us. You can check your Personal Data concerning you through the following mechanisms:

Cookies/Similar technologies. You can manage your consent through (i) the consent management solution we provide or (ii) your browser so that you can refuse the use of all or some cookies/similar technologies or be notified when they are used. See Article 4 above.

Advertising, marketing and other promotional activities. You can give your consent to the use of your Personal Data by CRAFT for the promotion of our products or services through the corresponding box of the registration form or by answering the question(s) submitted by the representatives of the Consumer Service Department. If you decide that you no longer wish to receive such communications, you may opt out of receiving marketing communications at any time by following the instructions provided in each communication. To opt out of receiving marketing communications sent by any means, including third party social media, you may opt out of receiving communications at any time by unsubscribing via the links available in our communications by logging into the Websites/apps or third party social media and by adjusting your user preferences in your account profile by unchecking the relevant boxes or calling our Customer Services Department. It should be noted that even if you indicate that you do not wish to receive communications for marketing purposes, you will continue to receive communications of an administrative nature from us, such as order or other transaction confirmations, notifications of your account activities (e.g. account confirmations, password changes, etc.) and other important communications that are not of a marketing nature.

Personalisation (online and offline):  Where required by law, if you wish CRAFT to use Personal Data concerning you in order to provide you with a personalized experience/targeted advertising and content, you may indicate this through the relevant box(es) on the registration form or by answering the question(s) submitted by the representatives of the Consumer Services Department. If you decide that you no longer wish to benefit from such personalisation, you can opt out at any time by logging into third party websites/apps or social media and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our Consumer Service Department.

Targeted advertising. We work with advertising networks and other advertising service providers ("Advertising Providers") that provide advertising on behalf of our company and other non-affiliated companies on the internet.  Some of these ads are tailored to your interests based on information collected on CRAFT websites or non-affiliated websites from time to time.  You can visit the www.aboutads.info/choices to learn more about this type of advertising, and how to block online advertising practices by companies participating in the standalone program of the Digital Advertising Alliance (DAA). In addition, you can block ads of this type in mobile apps from companies participating in the DAA's AppChoices app by downloading the app from the iOS or Android app store.  You can also stop the collection of precise location data from a mobile device by going to your device's location service settings.

11. CHANGES TO THIS DECLARATION

If we change the way we handle Personal Data, we will update this Statement. We reserve the right to make changes to our practices and this Statement at any time, so we recommend that you check back frequently for updates or changes to our Statement.

12. DATA CONTROLLERS & DATA PROCESSORS CONTACT DETAILS

To ask questions or make comments about this Statement and our data protection practices or to make a complaint regarding our compliance with applicable data protection legislation, you may contact us at: This email address is being protected from spambots. You need JavaScript enabled to view it. or write to us at CRAFT S.A, 132 Lefkis Street, Kryoneri, 145 68. Greece or call the Consumer Service Department at the following number: from a landline at 800-4000-200 (toll-free) and from a mobile phone at +30 216-4000200 (with charge).

We will acknowledge and investigate any complaints about the way we handle Personal Data (including complaints about a breach of your rights under applicable data protection legislation).

 Data controllers

Responsible for

FOODRINCO S.A.

132 Lefkis Street, Kryoneri, P.C. 145 68, Greece

All activities