Stone one

Stone One

Menu

Privacy policy

Privacy Policy

We are happy with your interest about our data protection feature on our website. We want you to feel happy and safe when visiting our website and consider the application of data protection as a quality feature to the customer. With the following data protection notes we inform you about the manner and scope of processing of personal data by the "Galdania Investments Ltd", owner of the TheStoneOne trademark (hereinafter TheStoneOne) based at 09 Omono Str, Limassol 3045 Cyprus e-mail: info(at)thestoneone.gr - tel.: +34 6515 63441, VAT No: CY10283072N.

Personal data is information that is or may be classified directly or indirectly about you. The legal basis for data protection is in particular the General Regulation for Data Protection 679/2016, more commonly known by the abbreviation GDPR.

Contents Overview

• 1. Overview

• 2. Login to our website

• 3. Contact form / email communication / phone calls / customer inquiries

• 4. Competitions

• 5. Data processing for advertising purposes

• 6. Sending a newsletter

• 7. Online presence and optimization of websites

• 8. Non-EU recipients

• 9. Your rights as data subjects

• 10. Contact persons

• 11. Name and contact details of the controller as well as contact details of the operational data protection officer

1. Overview

By entering the website of TheStoneOne, various information is exchanged between your terminal and our server. In this case, personal data may also be processed. The information collected in this way will be used, among other things, mainly for the optimization of our website or for advertising in the internet browser of your terminal.

2. Login to our website

Purposes of data processing / legal bases:

Upon entering our website, by the internet browser of the terminal you use, are automatically sent to you without any action by your side:

• the IP address of the Internet-enabled device that submitted the request,

• the date and time of access,

• the name and email address (URL) of the requested file,

• the website / application from which the access was made (referrer-URL),

• the web browser you are using

• the operating system of your computer / terminal

• as well as the name of the access provider.

The above information is sent to the server of our website and is temporarily stored in a log file for the following purposes:

• guarantee of proper connection,

• guarantee of comfortable use of our website / application,

• evaluation of system security and stability.

If you have consented to the so-called geolocation in your web browser or operating system or after other settings of your terminal, we will use this feature to be able to provide you with personalized services regarding your current location. We promise to process your location data obtained in this way solely for this function.

The legal basis for the processing of the IP address is Section 6 (1) (f) of the General Regulation on Data Protection (GDPR) 679/2016. Our legitimate interest arises from the above-mentioned purposes of data processing.

Recipients / categories of recipients:

We generally exclude the transmission of this data to third parties.

Storage duration / criteria for determining the storage duration:

The data is stored for a maximum period of 50 months and then deleted automatically. Once you stop using our website, the geolocation data is deleted.

3. Contact form / email / phone calls / customer inquiries

Purposes of data processing / legal bases:

The personal data you provide to us when completing a contact form, by telephone or e-mail, will of course be treated as confidential by us. We will use your data exclusively for a specific purpose, to process your request. The legal basis for data processing is Section 6 (1) (f) of the GDPR. Both our own and your parallel (legal) interest in this data processing arises from the goal of providing you with an answer and, possibly, resolving any existing problems and thus maintaining and enhancing your satisfaction, as a customer or user of our website.

If you participate in our customer surveys, this is done on a purely voluntary basis. During this anonymous investigation, no information is stored which allows conclusions to be drawn about the participant in the investigation. Only the date and time of your participation are saved. Any personal information you provide in response to our inquiry is deemed to have been given voluntarily and is stored in accordance with the GDPR. Please do not enter your name or similar information in the free text fields, which allows conclusions to be drawn for you or others.

In case of a declaration of consent in the context of a customer inquiry, the legal basis for data processing, which is based on consent, is Section 6 (1) (a) of the GDPR. If you have given consent in the context of a customer survey, such consent may be revoked at any time with effect for the future. More detailed arrangements for these cases can be found in the specific data protection authorities of each customer investigation.

Recipients / categories of recipients:

As a rule, the transfer of data to third parties is excluded. Exceptionally, the data is processed by processors on our behalf. These are carefully selected each time, controlled by us and are contractually binding in accordance with Section 28 of the GDPR.

In addition, we may be required to forward excerpts from your request to our counterparties (eg suppliers, for product requests) in order to process your request. If the transfer of your personal data is required in an individual case, we will inform you about it in order to obtain your consent.

The results of our customer surveys are typically used only for internal evaluations. As a rule, the transfer of data to third parties is excluded. We do not transmit personal data to third parties unless we obtain your express consent.

Storage duration / criteria for determining the storage duration:

All personal information you provide to us in the context of requests (suggestions, praise or criticism) through this website or via email, are deleted by us or made anonymous no later than 120 days after the final response provided. Experience has shown that there are usually no clarifying questions to your answers after 120 days.

4. Competitions

Purposes of data processing / legal bases:

You have the opportunity through our website, through our newsletter, through short emails such as sms / Viber / related digital services (eg inbox) or in the future through a relevant application of TheStoneOne to participate in competitions. Unless otherwise provided by the specific data protection authorities of each competition or if you have not given us additional express consent, the personal data you provided to us in connection with the competition will be used solely for the conduct of the competition (eg announcement of winners, notification of winners, sending of the prize) and after a sufficient period of 90 days for any objections, disputes or objections from other participants will be deleted. The legal basis for data processing is first and foremost Section 6 (1) (b) GDPR. In the event of a declaration of consent being submitted in a tender, Section 6 (1) (a) GDPR is the legal basis for the processing of data based on consent. Once you have given your consent in a contest, you have the option to revoke that consent at any time with effect for the future. More detailed arrangements for these cases can be found in the special data protection authorities of each competition.

Recipients / categories of recipients:

The transfer to third parties takes place only if this is required for the processing of the competition (eg sending the prize through a cooperating company). As a rule, further transmission to third parties is excluded.

Storage duration / criteria for determining the storage duration:

After the end of the competition, the announcement of the winners after a sufficient period of 90 days for any objections, disputes or objections from other participants, the personal data of the participants are deleted. In the case of prize material, the winners' data is kept for the duration of the legal warranty claims, so that it can be restored or replaced in the event of a defect.

5. Data processing for advertising purposes

Purposes of data processing / legal bases:

With your consent we analyze the usage behavior in the context of our online presence as well as in the newsletters that we send you. User behavior evaluation includes in particular the areas of the website you visit and which links you use there. With these data we create personalized user profiles that are classified by person and / or e-mail address, in order for the advertising offer of TheStoneOne, in the form of a newsletter, advertising messages on the website and printed advertisements to be better adapted to your personal interests and to improve our online offers. The legal basis for the abovementioned treatment is Section 6 (1) (a) of the GDPR or, if there is a corresponding consent, Section 6 (1) (a) of the GDPR. The processing of existing customer data for the same advertising or third-party advertising purposes should be considered a legitimate interest.

Right of objection:

You can oppose the processing of data for the stated purposes at any time and at no cost, separately for each channel of communication and with effect for the future. An e-mail or a letter to the contact details referred to in point 14 will suffice.

Recipients / categories of recipients:

We generally exclude the transmission of this data to third parties.

Storage duration / criteria for determining the storage duration:

If you revoke your consent to individual advertisements or object to certain advertisements, your data will be deleted by the respective email distributors. If you object, that contact address will be excluded from subsequent processing of ad data. We would like to point out that in exceptional cases, the sending of promotional material may continue temporarily after the receipt of the objection. This technically depends on the time required to deliver the advertising messages and does not mean that we do not apply your objection. Thank you for your understanding.

6. Sending a newsletter

Purposes of data processing / legal bases:

On our website we provide you with the opportunity to subscribe to the newsletter. If you consent to the receipt of our newsletter, we will use your email address and possibly your name to send (if possible, separate) product information, promotions, contests and news, as well as customer satisfaction surveys. We store and process this data in order to send a newsletter. The contents of the newsletter include promotions (offers, discount offers, contests, etc.) as well as products and services of TheStoneOne.

With your consent we analyze your own usage behavior on the websites linked to TheStoneOne in mobile applications as well as in our newsletters. The evaluation of the usage behavior includes in particular the areas of the respective website, the mobile application or the newsletter and the links that you activated. With these data we create user profiles that are classified by person and / or e-mail address, in order for the advertising offer, especially in the form of newsletter, advertisements on the website and print advertising, to better suit your personal interests and to improve our online offers. The legal basis for the processing of data in the context of the dispatch of the prospectus is consent in accordance with Section 6 (1) (a) of the GDPR.

To ensure that you did not make a mistake when entering your email address, we have introduced a double opt-in procedure. So, after entering your email address in the specified field, we send you a confirmation link. Only if you select this confirmation link will your email address be sent to our distributors.

You can revoke your consent to the receipt of the newsletter, to participate in customer satisfaction questionnaires and to the creation of personalized user profiles at any time with validity for the future, e.g. if you unsubscribe from the newsletter through our website. The link to unsubscribe from the page is at the end of each newsletter. By deleting your subscription from our newsletter, your consent to create a personalized user profile and to download the personalized newsletter is revoked. In this case your usage data is deleted.

Recipients / categories of recipients:

If external distributors are used to carry out the transmission of the prospectus, they must be contractually bound in accordance with Section 28 of the GDPR. As a rule, further transmission to third parties is excluded.

Storage duration / criteria for determining the storage duration:

If you revoke your consent for the receipt of the newsletter of TheStoneOne, your email address is "locked" from the receipt of the newsletter. Your data will be deleted after 6 months by the respective email distributors.

7. Electronic presence-communication and optimization of websites

7.1 Cookies - General information

On our websites we use the so-called micro data (cookies) based on Section 6 (1) (f) GDPR. Our interest in optimizing our website should be considered legal within the meaning of the aforementioned provision. Microdata are small files that are stored on your terminal device (computer, laptop, tablet, smartphone, etc.) when you visit our website. Microdata do not damage your terminal device, do not contain viruses, trojan programs, or other malicious programs. Information which arises each time in relation to the specific terminal device used is stored in the microdata. This does not mean that we have immediate knowledge of your identity because of them. The use of microdata aims on the one hand to offer you a more comfortable use. For this reason, we use the so-called session microdata to acknowledge that you have already visited individual pages of the website. These are automatically deleted as soon as you leave our website. In addition, we use temporary microdata for ease of use, which are stored for a specified period of time on your terminal device. If you visit our page again to use our services, we automatically acknowledge that you have already visited us, what entries / settings you have made, so that you do not have to do the same thing again.

On the other hand, we use the micro-data to statistically analyze the use of our website in order to optimize our offer as well as to display information that is specifically tailored to you. The microdata allow us to automatically acknowledge on your next visit to our website that you have visited us again. These microdata are automatically deleted after a predetermined period of time that normally does not exceed six (6) months. Most web browsers automatically accept microdata. However, you can set up your web browser so that the microdata are not stored on your terminal device, or a sign is constantly displayed before a new microdata is saved. However, the complete deactivation of the microdata may result in the inability to use some functions of our website. You will find more information about used microdata and your ability to object to it in the Cookies Policy, as well as here in Sections 7 to 9.

7.2 Google Analytics Purposes of data processing / legal bases:

For the purpose of customizing and continuously optimizing our websites, we use in accordance with Section 6 (1) (f) GDPR, Google Analytics, a web analytics service of Google Inc. ("Google"). Our legal interest arises from the stated purposes. In this context, "pseudonymously" user profiles are created and cookies are used. The microdata records the following information about the use of this website:

• internet browser type / version

• operating system used

• Url reference (ie the previous page you visited)

• Access computer name and Internet Protocol (IP) address

• Server request time.

The information is used to evaluate the use of our websites, to report on website activities and to provide additional services related to the use of the website and the internet for the purposes of market research and the configuration of such websites, according to the needs. Internet Protocol (IP) addresses become anonymous so that they cannot be mapped by deleting one or more digits (called IP-masking).

You can prevent the installation of microdata by setting up your web browser accordingly. However, we would like to point out that in this case it may not be possible to use all the features of this website. You may also prevent the analysis of data generated by the microdata relating to the use of this website (including the web protocol address) as well as the processing of such data by Google if you download and install this extension in the Chrome web browser of Google. Instead of the above web browser extension, you can also block Google Analytics analysis if you choose this link, especially for mobile browsers. This creates an opt-out cookie, which prevents future analysis of your data when you visit this website. The exception microdata only applies to this web browser and only to our website and is stored only on your device. If you delete the microdata from this web browser, you will need to re-save the exception microdata. More information about data protection in relation to Google Analytics can be found on the Google Analytics website.

Recipients / categories of recipients:

The information generated by the microdata is transmitted to a Google server in the USA and stored there. In no case will your Internet Protocol (IP) address be merged with any other data from Google. This information may also be passed on to third parties if required to do so by law or if such data is processed by authorization.

Storage duration / criteria for determining the storage duration:

After "anonymizing" the web protocol address, it is no longer possible to connect with your person. Data generated for statistical purposes are deleted from Google Analytics after 50 months. Reports based on Google Analytics are no longer referenced in person.

7.3 Website targeting and website optimization

Purposes of data processing / legal bases:

On our website, the information is analyzed and evaluated using microdata in order to optimize our websites and the advertisements displayed on them. In this way, in particular, it is ensured that only the advertisement that is tailored to your real or supposed interests based on the usage behavior so far will be displayed on your terminal device. The information processed for these purposes contains, for example, information about the products you are interested in. The legal basis for such data processing is Section 6 (1) (f) of the GDPR. Therefore, the optimization of our websites in order to have a better shopping experience and to avoid advertisements that are not of interest to you is in the interest of both us and you. The analysis and evaluation are carried out exclusively under a pseudonym and does not allow us to identify you. In particular, the information is not merged with your personal data.

Recipients / categories of recipients:

Recipients of the data are the above-mentioned service providers, who process your data on a contractual basis only for a specific purpose and in accordance with our instructions.

Storage duration / criteria for determining the storage duration:

The Microdata used and the information contained in them are stored in accordance with the Microdata Policy (Cookies) and are deleted immediately in case of objection.

7.4 Re-targeting Purposes of data processing / legal bases:

We also use the re-targeting technologies of various providers. This allows us to shape our online offer in an interesting way for you. For this purpose, a microdata is created, with which data of interest are collected using a pseudonym. In this case, information about navigation behavior for anonymous marketing purposes is collected and stored in microdata files on your computer and analyzed by an algorithm. It is then possible to display targeted product recommendations and personalized advertising banners with our products that are of interest to you on the websites of our partners. In no case can this data be used to identify the visitor of the website. No direct personal data is processed, and no user profiles are merged with personal data. Such data processing shall be carried out in accordance with Section 6 (1) (f) of the GDPR. With the above measures we use, we want to ensure that only the ad that is tailored to your real or supposed interests will appear on your terminal devices. It is in our interest as well as yours not to burden you with indifferent advertising.

If, however, you do not wish to have a personalized advertising banner of the online store of TheStoneOne, you can oppose this collection and storage of data for the future, as follows:

• By selecting the symbol that appears on each advertising banner (eg "i") you will go to the respective website of the provider. There, the systematic retargeting technology is clarified again and the possibility of canceling the registration (opt-out) is provided. If you unsubscribe from a provider, the so-called exception microdata is stored on your computer, which prevents the provider's banner ad from appearing in the future. Please note that this unsubscribe can only be done from your computer and the exception exception data may not be deleted from your computer and if for any reason they are deleted you will inevitably have to repeat the exclusion procedure.

• Alternatively, you can use the objections presented in section 7.5 of these data protection terms of use.

Recipients / categories of recipients:

We use on our website re-targeting technologies of various providers, which process the above-mentioned data within this framework. Further information on the microdata used by these providers can be found in the Cookies Policy.

Storage duration / criteria for determining the storage duration:

The microdata used for the purposes of the re-targeting and the information contained therein are stored for as long as the Microdata Policy states and are then automatically deleted.

7.5 Further Digital Communication

We also use periodic SMS / Viber / related digital services (eg inbox) in order to better serve you and respond more effectively to your needs.

7.6 Opt-out capability

You can prevent the re-targeting technologies discussed in 7.3 and 7.4 by adjusting the microdata in your web browser accordingly (see also section 7.1). At the same time, you have the ability to block personalized advertising based on interests with the help of the so-called Preference Manager or the activation of the available exception metadata.

8. Recipients outside the EU

With the exception of the processing described in point 7, we do not provide your data to recipients based outside the European Union or the European Economic Area. The processing referred to in point 7 leads to the transmission of data to the servers of the tracking and targeting technology providers authorized by us. Some servers are located in the United States (information on these recipients can be found in the respective reports). The transmission of data is carried out in accordance with the principles of the so-called Privacy Shield as well as on the basis of the so-called Standard Contractual Clauses of the European Commission.

9. Your rights as data subjects

9.1 Overview

In addition to the right to revoke the consent you have given us, you also have the following rights, provided that the respective legal conditions are met:

• right of access to your personal data that we store in accordance with Section 15 GDPR

• the right to correct or supplement incorrect data in accordance with Section 16 GDPR

• the right to delete your data that we have stored in accordance with Section 17 GDPR

• the right to restrict the processing of your data in accordance with Section 18 of the GDPR

• right to data portability in accordance with Section 20 GDPR

• right of objection in accordance with Section 21 of the GDPR.

9.2 Right of access in accordance with Section 15 of the GDPR

You have the right to be informed upon request and free of charge, in accordance with Section 15 (1) GDPR, of ​​the personal data we have stored about you.

This includes in particular:

• the purposes of the processing of personal data

• the relevant categories of personal data that we process

• the recipients or categories of recipients to whom the personal data concerning you are disclosed or are about to be disclosed

• if possible, the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period

• the existence of a right of request to the controller for the correction or deletion of personal data or a restriction on the processing of personal data concerning the data subject or a right of objection to such processing

• the right to file a complaint to a supervisory authority

• when personal data are not collected by the data subject, any available information on their origin

• the existence of automated decision-making, including profiling, provided for in Section 22 (1) and (4) GDPR and, at least in such cases, important information on the logic followed and the significance and intended consequences of such processing; for the data subject. When personal data are transmitted to a third country or to an international organization, the data subject has the right to be informed of the appropriate guarantees in accordance with Section 46 of the GDPR on the transmission.

9.3 Right of correction in accordance with Section 16 GDPR

You have the right to demand from us without undue delay the correction of inaccurate personal data concerning you. For the purposes of the processing, you have the right to request the completion of incomplete personal data, including through a supplementary declaration.

9.4 Right of deletion in accordance with Section 17 of the GDPR

You have the right to request the deletion of personal data from us without undue delay, if one of the following reasons applies:

• personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

• withdraw your consent on which the processing is based in accordance with Section 6 (1) (a) or Section 9 (2) (a) GDPR and there is no other legal basis for the processing,

• you oppose to processing in accordance with Section 21 (1) or (2) of the GDPR and there are no compelling and legitimate grounds for processing in accordance with Section 21 (2) of the GBER,

• personal data was processed illegally,

• personal data must be deleted in order to comply with a legal obligation,

• personal data have been collected in connection with the provision of information society services referred to in Section 8 (1) GDPR.

Once we have disclosed your personal data and are required to delete it, taking into account the technology available and the cost of implementation, we will take reasonable steps to notify third parties processing your personal data that you request and have asked them to delete any links. with such data or copies or reproductions of such personal data.

9.5 Right to restrict processing in accordance with Section 18 of the GDPR

You have the right to ask us to limit processing when one of the following conditions applies:

• question the accuracy of personal data

• the processing is illegal and you request instead of deleting the restriction of the use of personal data

• the controller no longer needs personal data for processing purposes, but this data is required by the data subject to establish, exercise or support legal claims

• or you have objections to processing under Section 21 (1) of the GDPR, pending verification as to whether the legitimate reasons of the controller override the reasons of the data subject.

9.6 Right to data portability in accordance with Section 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us in a structured, commonly used and machine-readable format, as well as the right to pass this data on to another processor without our objection, when:

• processing is based on consent in accordance with Section 6 (1) (a) or Section 9 (2) (a) or on a contract in accordance with Section 6 (1) (b) of the GDPR; and

• processing is performed by automated means. When exercising your right to data portability, you have the right to request that personal data be transferred directly from us to another Controller, if this is technically possible.

9.7 Right of objection under Section 21 of the GDPR

Subject to Section 21 (1) GDPR, you may object to the processing of data for other reasons arising from the specificity of the situation. The above general right of objection applies to all data processing purposes described in these data protection terms, which are processed under Section 6 (1) (g) of the GDPR. Unlike the special right of objection concerning the processing of data for advertising purposes (cf. above, in particular points 9 and 7.6), we have an obligation under the GDPR to exercise this general right of objection only if you give us reasons of paramount importance, e.g. χ. a potential risk to life or health. In addition, there is the possibility to contact the competent supervisory authority for TheStoneOne or the Data Protection Officer Tsilonis-Vogiatzoglou Law Firm (Newlaw), Tsimiski 10, 546 24 Thessaloniki, tel. 2310 551 501, fax: 2310 261 503 e-mail: dataprotect@newlaw.gr.

10. Contact persons

10.1 Contact persons for questions or about the exercise of your data protection rights

For questions about the websites or the exercise of your rights during the processing of your data (data protection rights) you can contact via the e-mail of the "Company": info(at)thestoneone(dot)gr, which is received by the Customer Service Department.

10.2 Contact person for data protection questions

If you have any other questions regarding the processing of your data, you can contact the data protection officer, i.e. Tsilonis-Vogiatzoglou Law Firm (NEWLAW), 10 Tsimiski St., 546 24 Thessaloniki, tel. 2310 551 501, fax: 2310 261 503, e-mail: dataprotect@ newlaw.gr

10.3 Right to complain to the data protection supervisory authority

In addition, you have the right to complain to the competent data protection supervisory authority at any time. You can contact the data protection supervisor, in particular in the Member State in which you have your habitual residence or place of work or the place of alleged infringement or the authority of the State in which the Controller is located.

11. Name and contact details of the Controller as well as contact details of the operational Data Protection Officer

These data protection terms apply to the processing of data carried out by the Limited Liability Company under the title "Galdania Investments Ltd", owner of the TheStoneOne trademark (hereinafter TheStoneOne) based at 109 Omono Str, Limassol 3045 Cyprus e-mail: info(at)thestoneone.gr - tel.: +34 6515 63441, VAT No: CY10283072N and is engaged in the ……… trade, who is the "Controller" for the website …………………………….. For further information or questions regarding the processing of data or the exercise of any legal right, the User can contact the Data Protection Officer Tsilonis-Vogiatzoglou Law Firm (NEWLAW), 10 Tsimiski St., 546 24 Thessaloniki, tel. 2310 551 501, fax: 2310 261 503, e-mail: dataprotect @ newlaw. gr, which is the Data Protection Officer of TheStoneOne.