Personal data and security

This Personal Data Protection Policy has been developed in accordance with the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This Personal Data Protection Policy informs you about what information (hereinafter personal data) we may collect from you, why it will be used, who that information will be shared with, and what security procedures we have implemented to protect your personal data. Personal data means information that can identify a specific individual such as the name, address, phone number or email address, Tax Reg. No. your transactions with us, and credit card details, only when required. The information collected, is checked and held by our company NIKOLIS GROUP S.A., whose registered offices are at 38-40 Posidonos St., Metamorfosi, Attica Greece GR-14451 When you enter into a transaction via our website and e-shop, you enter into a contractual relationship with us. It is vital for us to collect your personal data in order to complete a booking via our website. You provide that data voluntarily and it is not collected at our initiative. Your personal data is collected with your express consent (so we are able to perform our contractual obligations to you) for specific, express and lawful purposes and does not undergo additional processing in a manner incompatible with those purposes (Article 5(1)(b) of Regulation (EU) No 2016/679). In that contractual relationship in which you are the data subject, our Company functions as the data controller for your personal data (Article 4 of Regulation (EU) No 2016/679.

A. Purposes of processing and recipients of data

1.Customer personal data which is provided is only used by NIKOLIS GROUP S.A. exclusively to carry out and provided evidence of your orders and issue the relevant tax records / invoices. To better perform its obligations and optimise its services the company may collaborate with other data and record storage companies to hold and store such data, which are bound under contract to comply with the terms and conditions set out in Regulation (EU) No 2016/679 on personal data protection, and have already complied with that Regulation, and have no right to transmit the data to other persons, and are bound by a NDA. The recipient in this case is our company only and the said companies act as data processors, on our behalf in accordance with our instructions.

2. Τhe personal data may also be used to generate statistics, which means that they contain no personal data that could lead to individuals being identified. Only our company is the recipient in this case.

3. With your express consent advertising from NIKOLIS GROUP S.A. and newsletters may be sent to your email address. Only our company is the recipient in this case.

4. Your personal data may also be sent to enterprises which collaborate with NIKOLIS GROUP S.A. (data processors) for the sole purpose of sending advertising materials and personalised officers from NIKOLIS GROUP S.A., only if you have already consented to being sent advertising materials and newsletters. To that end, you can select the relevant option from "My profile”. The recipients in this case are our company and the data processors who are bound under contract to comply with the terms and conditions set out in Regulation (EU) No 2016/679 on personal data protection and have also signed NDAs with us.

5. Other third parties may also be recipients to the extent that that is necessary for the following purposes: (i) compliance with a government request, court judgment or applicable law and (ii) to prevent illegal usage of websites and/or breaches of the website terms of use and our policies.

B. Personal data we collect and how we collect it

Although in some cases we will ask you for personal data -when you want to create an account on for example or want to purchase products or services (and we will make it clear to you what we need at that point in time)- you can visit pages on our website often without needing to provide any of your personal data.
We may collect your personal data in the following cases:

• When creating your account on our website so you can make purchases: During registration as an individual on you provide us with your name, surname, mobile phone number, email address, home address and country of residence. All that information is vital for us to facilitate you and enable you to make purchases. If you opt to register as a business, you will provide the company name, address, email address for the company, the type of business, a contact phone number and liaison, and the company Tax Reg. No., information which is essential for invoices to be issued in the company’s name. All information is held and managed by us in accordance with this Personal Data Protection Policy. You can unsubscribe at any time via your account

• When purchasing - ordering a product and/or a service: When completing your order, you provide us not just with the personal data mentioned above, if you have not registered (name, surname, mobile phone number, email address, home address and country of residence) but also your credit card details, if you opt to purchase with a credit card, including the card number, type, cardholder’s name, expiry date, billing address (for the invoice or receipt) and order delivery details. If you choose the “Design” option to create an item to suit your tastes and do not have an account with us as an individual, you provide your name, surname, mobile phone number, email address, home address and country of residence. If you opt to register as a business, you will provide the company name, address, email address for the company, the type of business, a contact phone number and liaison, and the company Tax Reg. No., information which is essential for invoices to be issued in the company’s name. Information about the progress and completion of your order can be sent by SMS to your mobile phone if you so wish.
• When you register just to receive informational materials or marketing materials or update your preferences via the dashboard: You only provide us with your email address to which the relevant informational/advertising materials from our company will be sent. You retain the right to unsubscribe from the newsletter at any time.

• When you contact our company via the contact form or via our Customer Service Department. When you contact us using the relevant contact form on the site, you will be asked to provide the minimum personal data needed (name, surname, country and email address). Moreover, your calls to our switchboard may be recorded for quality assurance purposes and will be deleted after 7 days
Using data collection tools when you visit our website: In addition to information you provide to us voluntarily, certain information is collected automatically when you visit our website, using data harvesting technologies which we use from time to time such as cookies. Every time your visit our website, the cookies collect information from your computer, including technical information such as the IP (internet protocol) address, your operating system, the browser type and version number, the referring site, and information about your purchase preferences, products you have viewed/searched for and your activity on our website. If you use a wireless network and have internet access via your mobile phone or other device, you should contact your provider to learn how they collect your personal information.Τηλ: 210.2814014 E-shop: 210.3233525 Fax: 210.2829019 ΑΦΜ: 999871451 ΔΟΥ: ΦΑΕ ΑΘΗΝΩΝ Email: [email protected]

C. Data subject’s rights - Data retention period

1. Every customer can exercise the right to ask the Company (which operates as a Data Controller in our contractual relationship as stated above) to delete his/her personal data in accordance with the specific provisions of Article 17 of Regulation (EU) No 2016/679 and to unsubscribe from the relevant newsletter. Deletion cannot relate to essential information and personal data which are held for a specific period for the purpose of complying with tax and other laws.

2. Every customer may request access to data and specifically product purchases made by activating the relevant option under “My profile”. This right must be met by the data controller within 30 days.

3. Every customer is entitled to request that any inaccurate data relating to you be corrected (article 15 of Regulation (EU) No 2016/679. Given the purposes for which our company processes data in the context of our contractual relationship, you can demand that missing personal data be supplemented, by sending a request to that effect to our company, for example (Article 16 of Regulation (EU) No 2016/679).

4. Every customer can ask for his/her data to be transferred to another provider to the extent that that is possible and does not conflict with the company's commercial secrets and business confidentiality policy.

5. Every customer may ask for his/her personal data processing to be limited in the time it takes to examine objections to processing.

6. Every customer’s personal data is only stored for the time your account on our website is active. Otherwise the data is stored for the period necessary for our company to be in full compliance with the obligations deriving from law and in particular tax and other commercial law obligations (Article 23 of Regulation (EU) No 2016/679). If you have any complaints, please contact our company’s Data Protection Officer referred to at the end of this document or submit a compliant to the Hellenic Data Protection Authority.

D. Cookies Policy

In accordance with Directive 2009/136/EC we would like to inform you that our website may use cookies to clarify how users have reached our website and to identify recurrent general usage patterns during such time as users are on the page. Cookies are messages that a web server sends to a web browser when you visit a website. Your browser stores each message in a small file which will provide us with information about your last visit to our website. That information is collected and analysed overall in order to improve our website’s operation, content and overall look. Most browsers automatically accept the use of cookies but by changing the settings on your computer you can opt not to accept them or you may be asked to accept each new cookies, but doing so could limit the range of options available via the website.

We specifically use the following types of cookies:

a) Analytics cookies - We are constantly trying to improve our website by simplifying ticket search and booking procedures. The most useful and precious information we receive to that end comes from Analytics Cookies which allow us to anonymously see how visitors to our website are acting, and recording the content they see and what they are interested in. That helps us improve our services and the online experience we offer you and helps us ensure that our users find the information they are looking for.

b) Social networking cookies - Using these cookies we have the chance to integrate content from social networks to share social network widgets or tailor your experience based on the information relevant to you which you have shared in the past via your social networking accounts.

c) Advertising cookies - Let us help you by suggesting special offers of real interest to you! These cookies collect information about your preferences and choices while on our website, so you see tailored advertising in keeping with the products and services of real interest to you.

d) Technical cookies - These only relate to website usage. They are vital for us to properly and accurately provide you with the services you are seeking

e) functional cookies - These are necessary to provide the services users are looking for from the website. Our site uses these cookies.

f) New Relics - We use New Relic Analytics to monitor our website performance, its hidden back systems and architecture. Using that information, we can make changes to improve website performance


Data Protection Officer : Konstantinos Ntzoufas [email protected]

GDPR Representative : Manolis Anthis [email protected]