This Policy has been drafted in accordance with the regulations of the General Data Protection Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR") which comes into force on 25 May 2018.

The company ELEOLOGY S.A. (hereinafter referred to as the "Company") is engaged in business, including the distribution and marketing of food, and for this purpose maintains an online store on the pages   www.eleology.com

Its registered office is Agiou Nikolaou 5-7, Pireaus 18537 Attika, Greece and this is also the address to which all correspondence may be addressed. The Company's website address is  www.eleology.com (hereinafter the "Website"). The telephone number is +30 2104116349. If any user accessing the Website has any questions regarding this Policy, they may contact the Company and communicate via email at the email address info@eleology.com.

This Policy describes how the Company uses and protects the personal data (hereinafter referred to as “Personal Data”) of natural persons (hereinafter referred to as “Data Subjects”) that are disclosed to it either during registration and use of the Website services or through contracts with Data Subjects (e.g. contracts with employees of the Company). Furthermore, this Policy describes how the Company collects, transmits, processes, uses and discloses the Personal Data of Data Subjects and sets out its practices regarding the secure processing thereof. By providing Personal Data to the Company (either directly or indirectly by allowing another person to provide Personal Data on behalf of the Data Subjects), the Data Subjects agree that this Policy applies to the way in which the Company uses their Personal Data and consent to the collection, transfer, processing, use and disclosure of such data as described herein. In the event that the Data Subjects do not agree with any part of this Policy, they are requested not to provide Personal Data. If they do not provide Personal Data, or withdraw the consent they have provided under this Policy, this may affect the Company's ability to provide services or adversely affect the services that the Company can provide.

This Policy does not cover in any way the relationship between Data Subjects who use the Company's Website and any services that are not subject to the control and/or ownership of the Company's Website. Given the nature and volume of the internet, under any circumstances, including in the case of negligence, the Company is not liable for any form of damage suffered by Data Subjects who use the pages, services, options and contents of the Company's Website which they proceed with on their own initiative and with knowledge of the terms of this Policy.

Collection and Use of Personal Data

A. The Company collects Personal Data when:

  • Data Subjects register as members on the Company's Website and make use of its services (by sending their order or in any other way) and/or in order to receive the Company's advertising/information programs to be informed about the Company's news, as well as about new products and services provided by the Company (hereinafter referred to as "Newsletters")
  • Data Subjects communicate with the Company through its Website
  • enters into contracts with Data Subjects

B. In the above context, the Company may collect, store and use the following types of Personal Data:

  • information provided by Data Subjects for the purpose of communicating with the Company, registering on the Website (including sending them Newsletters if they choose to do so during their registration) and/or using the Company's services and/or its Website
  • any other information that Data Subjects choose to disclose to the Company (whether through its Website or in any other way) and that is relevant to the purpose of fulfilling their personal requests and that is related to the Company's object (e.g. ordering and returning products, proposals for cooperation with the Company)
  • any information that Data Subjects choose to disclose to the Company for the purpose of entering into and performing a contract with it

Specifically, the information that the Company may collect from Data Subjects either during their registration on the Website (including sending them Newsletters if they choose to do so during their registration) and/or on their behalf during their use of the services of the Website and/or their communication with the Company, or through the general use of the services related to the Company's object (e.g. ordering and returning products, proposals for cooperation with the Company) are the following:

  • Personal Information (e.g. Name, Surname, Home Address, Contact Telephone Number, Email Address (E-mail)
  • Work Data (e.g. Employment, Position/Job Title, Place of Work)

C. The Company uses the Personal Data of Data Subjects for the following reasons:

  • the provision of requested services to Data Subjects
  • the information support of Data Subjects regarding the services provided
  • the satisfaction of the Data Subjects' orders regarding the services available from and through the Company's Website
  • responding to questions and requests addressed to the Company by Data Subjects
  • informing Data Subjects about the Company's news, new products and new offers/categories of services by sending them promotional/newsletters via e-mails, unless they have requested not to receive such newsletters.
  • for internal Company purposes and quality assurance purposes
  • for the purpose of executing a contract concluded by the Company
  • for other purposes as provided for or required by law (e.g. compliance of the Company with its legal or tax obligation, or to protect its vital interests or the interests of the Data Subjects or when processing is necessary for the purposes of the legitimate interests pursued by the Company)

Protection of Personal Data of Data Subjects

The Company takes appropriate legal, organizational and technical measures to protect the Personal Data of Data Subjects, as well as technical measures to protect the Personal Data of Data Subjects in accordance with applicable data privacy and security legislation. The Company uses various technologies and security procedures in order to protect the Personal Data of Data Subjects from any unlawful destruction, loss, misuse or alteration, as well as from unauthorized or unlawful processing, use or disclosure.

The Company will delete or re-identify the Personal Data of the Data Subjects as soon as they are no longer necessary for the provision of its services and/or the execution of its business purposes and/or for the execution on behalf of the concluded contract and/or for legal reasons, or as otherwise provided by the applicable legislation for the protection of Personal Data.

Non-Disclosure of Personal Data to Third Parties

The Company, for the purpose of fulfilling the requests of the Data Subjects regarding the product orders placed by them through the Company's Website or for the return of products or for the fulfillment of any other related requests of the Data Subjects related to the object of the Company and the services provided by it, communicates the Personal Data of the Data Subjects (name, surname, residential address, contact telephone number) to the courier company collaborating with the Company.

Without prejudice to the above paragraph, the Company undertakes:

1) not to sell, rent or in any other way publish or communicate the Personal Data of Data Subjects to any third party.

2) not to disclose the Personal Data of its Data Subjects to third parties, natural and/or legal persons, except:

a) if the Data Subjects have provided their explicit consent and (i) the third party (natural or legal person, partner / supplier / service provider of the Company) has provided clear guarantees regarding the technical and organizational measures governing the processing to be carried out and (ii) the third party (natural or legal person, partner / supplier / service provider of the Company) has concluded a written agreement with the Company which imposes on the third party obligations similar to those imposed on the Company in accordance with the provisions on the protection of Personal Data,

b) if this is required due to the Company's compliance with the relevant provisions of the law and to the competent and only any prosecutorial, police, investigative and judicial authorities, in response to their request

​c) in connection with any legal/judicial proceedings or impending legal/judicial proceedings

d) for the purpose of establishing, exercising or defending its legitimate interests, – including providing information to regulatory, law enforcement or other authorities for the purposes of preventing and combating fraud, unauthorized use of services and illegal activity-.

The Company undertakes not to transfer Personal Data of Data Subjects to third countries outside the European Union without the prior written consent of the Data Subjects unless the Company and the recipients of the Personal Data have concluded and use standard contractual clauses which have been approved by the European Commission and which are annexed to the Commission Decision of 5 February 2010 on the transfer of personal data to processors established in third countries (2010/87/EU).

Data Subject Rights

Data Subjects may exercise the following rights arising from the provisions of the GDPR as well as the applicable legislation implementing or supplementing it or otherwise relating to the processing of Personal Data of natural persons, together with the binding directives and codes of good practice issued from time to time by the relevant supervisory authorities:

  • Information about the processing of their Personal Data, as well as the legal basis for this processing and all information related to this processing
  • Access and correction of their Personal Data in the event of processing of Data concerning them
  • Deletion of their Personal Data if it is not necessary for the provision of a service
  • Restriction of the processing of their Personal Data
  • Objection to the processing of their Personal Data
  • Portability of their Personal Data to another controller, i.e. the right of Data Subjects to receive their data in an appropriate format, so that it is technically feasible to transmit them to another controller (e.g. CD)

To exercise the above rights or for any questions, Data Subjects may contact the Company:

  • By sending an email to the email address  info@eleology.com  or
  • By letter to the address indicated in the Preamble of this

Data Subjects may also withdraw their consent to the processing of their Personal Data at any time (without retroactive effect) in one of the two (2) ways mentioned above.

In addition, Data Subjects retain (a) the right to submit a written complaint to the competent supervisory authority regarding the protection of their Personal Data, namely the Personal Data Protection Authority (Kifissias Avenue, number 1-3, P.C. 115 23, Athens, +30 210 6475600, contact e-mail ) and (b) the right to legal recourse in the event that they consider that their Personal Data has been violated.

Links to other websites

The Company may from time to time provide links to third parties or incorporate third party websites through its Website. This Policy does not apply to such websites and the Company is not responsible for the privacy policies or practices of such websites. If Data Subjects choose to access a linked website, they agree that the Company is not responsible for the availability of such website and does not control, endorse, or be liable in any way for:

  • the way in which the Personal Data of Data Subjects is handled on these websites
  • the content of these websites
  • the use of these websites by others

The Company advises Data Subjects to take care in advance and always check the legal and privacy statements published on each website or mobile application they link to, before entering any of their Personal Data.

Applicable Law

The management and protection of the Personal Data of Data Subjects is governed by the terms of this section, the provisions of the GDPR which enters into force on 25 May 2018 as well as by the applicable Greek legislation which implements or supplements the GDPR or which otherwise relates to the processing of Personal Data of natural persons, together with the binding directives and codes of good practice issued from time to time by the relevant supervisory authorities (see European Commission).

Modifications

The Company reserves the right to update this Policy from time to time and to post the most recent version on its Website at any time without notice. If material modifications are made, the Company may either post a notice of the changes on its Website or notify Data Subjects by sending a notification via the email address and/or mobile phone number provided by them. The Company encourages Data Subjects to periodically review its Website and check for any modifications, as well as to periodically review this Policy to remain informed about how the Company is protecting the Personal Data it collects.

If Data Subjects continue to use the Company's Website, this implies that they agree to this Policy and any updates. If a Data Subject does not agree to the Personal Data protection terms provided in this Policy, they must not use the Company's services.

This Policy was last updated on 03/11/2025