This Notice describes the personal data that Tsimpimpakis – OLIVE BREEZE collects about you; how we use and protect this information; the choices you can make about how we use this information.
This Notice may change from time to time, such changes being always available at our website, www.olivebreeze.gr.
What type of personal data we collect about you?
Name & Surname. We collect the given names (first name, family name) of our clients, as well as the Username they choose when they express interest in our products, or sign up in our website in order to place an order and purchase our products or whey they sign up for our newsletter.
Email. We collect the email address of our clients when they express interest in our services, or when they sign up in our website or for our newsletter.
Postal address. We collect the postal address of our clients for billing purposes and of consumers who order our products.
Phone number. We collect the phone number of our clients in order to contact them for the execution of the order and the delivery of the products. for billing purposes, and of customers who order products or services.
Also, after placement of the e-order, you will be requested to fill out any bank account and/or credit/debit card details for the purpose of the performance of the purchase contract. Such data are filled out by you after you have been redirected to a safe location of the bank and not through our website and, therefore, we do not collect, store or process said bank account/card data submitted by you.
How do we collect your personal data?
We collect your personal data when you visit our website.
The website collects anonymized data for functionality purposes as well as anonymized browsing data through an analytics platform (e.g. Google Analytics etc.). For more information about analytic, functionality data etc., please refer to the Cookie Policy available here.
We also collect your data when you contact us about our products and services, when you fill out the sign-up form on our website, when you place an order, or you sign up for our newsletter.
How do we use your personal data?
We use (process) your personal data for the purposes set out below:
For the execution of your order, for billing purposes and for the optimum provision of our services to you.
For marketing and/or promotion activities, such as emails we send to those opted-in for our newsletter. All these people submitting their email addresses during our contact and opting in for our newsletter may be added in the list of the people which our newsletters are being sent to. All newsletter recipients are provided with the option to opt-out from our newsletter mailing list.
What is our legal basis for the processing of your personal data?
The processing of your personal data, which is used for the provision of our services to you, is based on the performance of the contract as well as for the purpose of our compliance with the applicable provision of the law.
The processing of your personal data, which is used for marketing and/or promotion purposes, is based on your consent.
How long do we keep your personal data?
We keep our clients’ and consumers’ data for at least five (5) years so that we may be able to fulfil our obligation for retention of accurate files for the tax or other administrative authorities. In case of an order cancellation, the data retention period is one (1) month as of our clients’ declaration that they wish to cancel their order.
We keep the personal data of those persons who have signed-up for our newsletter (and/or the promotional activities) for as long as these persons declare that they no longer wish to receive newsletter (and/or promotional material) from us.
We keep personal data of those persons who have created a user account on our website and registered until these persons declare that they wish the cancellation of their account or for four (4) years as of the date of their last visit to our website using their credentials
What safeguards have we taken to protect your personal data?
When you give us personal information, we take steps to ensure that it is treated securely. We have implemented the following technical and organizational measures in order to protect your information from loss, misuse or alteration:
Secure server
APIs and functions in use to making sure unauthorized code cannot be injected, as also care for and prevent:
Cross Site Request Forgery (CSRF)
Invalidated Redirects and Forwards
Insecure Direct Object Reference
SSRF (Server Side Request Forgery) Attacks
XXE (XML eXternal Entity) processing attacks
Proper authorization and permissions for any function level access requests prior to the action being executed, user account passwords are salted and hashed based on the Portable PHP Password Hashing Framework
Core software manages user accounts and authentication and details such as the user ID, name, and password are managed on the server-side, as well as the authentication cookies. Passwords are protected in the database using standard salting and stretching techniques. Existing sessions are destroyed upon logout.
Provides direct object reference, such as unique numeric identifiers of user accounts or content available in the URL or form fields. While these identifiers disclose direct system information, WordPress’ rich permissions and access control system prevent unauthorized requests.
Our database and your personal data contained therein are protected by access control system (access control).
Access to the database is restricted. Full access to the database has been granted only to some of our personnel.
Where your data is transferred to?
In the context of our business activities, we use third party providers, which provide services on our behalf, such as transportation services, courier services etc. Therefore, we might share your personal data with them. However, we only share such data being necessary for the provision of services requested, and we require them to protect your data and not use them for any other purpose whatsoever.
We use the following categories of third party providers:
Alpha Bank Payment Gateway
What rights do you have?
You have the right to request access to your personal data we process. You also have the following rights:
Ι. Right for rectification or deletion (in certain cases) of your personal data;
ΙΙ. Right to object to the processing of your personal data;
ΙΙΙ. Right to receive your personal data as well as the right to transfer such data to another company;
IV. In cases where we process your personal data on the basis of your consent, you have also the right to withdraw your consent any time, without such withdrawal affecting the lawfulness of processing prior to your consent withdrawal.
Lastly, you have the right to lodge a complaint to the supervising authority. If you are not aware which is the supervising authority, please contact us to provide assistance.
We do not process, assign, sell nor amend any of the information stored in the database.
How to contact us?
You may contact us if you have any question about the processing of your personal data or the use of cookies or in order to exercise your rights, by emailing us at info@olivebreeze.gr or by using the online contact form available at our website.
The contact person for the exercise of your rights as well as for any other issue related to the processing and protection of your personal data is
Ms. Vaso Tsimpimpaki,
email: vaso@olivebreeze.gr,
Tel: 0030-6988822124.
Version Information
