Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy (the “Policy”) describes how IDECO ABE (“IDECO ABE”, “we”, “us”, or “our”) collects, uses, stores, and safeguards the personal data of visitors and users of its website ideco.gr, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”), Law 4624/2019, and other applicable legal provisions. This Policy aims to ensure transparency regarding the rights of data subjects and the legal bases for processing.

The protection of personal data of individuals who visit or use our website is of utmost importance. IDECO ABE implements all appropriate technical and organizational measures to ensure that personal data is processed lawfully, fairly, and securely.

Data Controller

The Data Controller is IDECO ΑΡΓΥΡΗΣ ΠΑΠΑΔΟΠΟΥΛΟΣ ΑΝΩΝΥΜΗ ΒΙΟΜΗΧΑΝΙΚΗ ΕΤΑΙΡΕΙΑ (IDECO ABE), with registered office at Kouloura Imathias 0, Veria, 59100, Greece. Contact numbers: +30 23310 97058, +30 23310 97158. For any inquiries concerning the processing of personal data, you may contact the Data Controller directly at info@ideco.gr.

Categories of Personal Data Collected

We may collect the following categories of personal data:

• Identification and contact information (e.g., name, postal address, email address, phone number) provided during registration or portal use.
• Technical information, such as IP address, browser type and version, operating system, date and time of access, visited pages, and duration of sessions, collected for purposes of website security and protection against malware and attacks.

Use of Cookies

Currently, the website does not use cookies. In the event cookies or similar tracking technologies are implemented in the future, explicit consent will be requested in accordance with the GDPR and national law, and users may refuse or delete cookies via browser settings.

Purposes of Data Processing

Personal data is collected and processed strictly for purposes including:

• Providing and improving website services.
• Communication regarding inquiries, feedback, or complaints.
• Execution of contractual obligations or transactions requested by the user.
• Statistical analysis and protection against unlawful activity or fraud.
• Marketing and promotional offers, only upon explicit consent, with the ability to opt-out at any time.

Recipients of Personal Data

Personal data may be disclosed to:

• Public authorities, where legally required or pursuant to a court order.
• Contracted service providers who process data on our behalf under a written agreement ensuring compliance with applicable data protection laws.
• Logistics providers for the purposes of delivering ordered goods.

Data Retention

Personal data will be retained only for as long as required by law or for the execution of contractual obligations, after which it will be securely deleted. Financial data required for transactions is retained solely for the duration necessary to complete the transaction. Upon deletion of an account, personal data will be erased no later than 90 days.

Data Security

IDECO ABE implements all appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data, including encryption via Transport Layer Security (TLS) and periodic security reviews and updates.

Data Subject Rights

Under the GDPR and Law 4624/2019, data subjects are entitled to:

• Right to information
• Right of access
• Right to rectification and erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right not to be subject to automated decision-making
• Right to lodge a complaint with the Hellenic Data Protection Authority (https://www.dpa.gr/)

IDECO ABE reserves the right to update this Policy to reflect changes in legal requirements or technology.