Privacy Policy

According to the General Data Protection Regulation (EU) 2016/679, for the protection of natural persons against the processing of personal data (GDPR) of the company with the registered name “CRYSTAL IONION MON IKE ” as the Data Controller and/or Data Processor.

In the company with the registered name “CRYSTAL IONION MON IKE “ and with the website “crystalionion.com”, hereinafter referred to as the “Company” for brevity, we prioritize the protection of your personal data as part of our philosophy. We understand that the confidentiality of your personal data is of utmost importance to you, and we strive to be as transparent as possible in the way we serve you. The “Company” is fully compliant with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council, concerning the protection of natural persons against the processing of personal data (GDPR). This Privacy Policy aims to help you understand how we collect, use, share, and protect your personal information.

1. Privacy Policy

“Personal data” refers to any information that is collected, recorded, or stored in a form that can directly (e.g., surname) or indirectly (e.g., phone number) identify you as a natural person.

We recommend that you read this text, which describes our privacy policy, before providing this information to us.

The “Customer Privacy Policy” is part of the terms and conditions governing our services. By accepting these terms and conditions, you expressly accept these provisions.

2. Scope of Application

At our “Company”, we recognize the importance of protecting our customers’ personal data and strive to be clear about how we collect, use, share, transfer, and store your personal data. This Policy provides a summary of the practices we follow concerning such data.

This Privacy Policy applies, without limitation, to every Service or function provided by us, including our online store www.crystalionion.com, any promotional activities, and generally everything we refer to as our “Services.”

The Privacy Policy applies to your use of our Services with or without the use of electronic means.

It is important to read this Policy carefully, as every time you use our Services, you agree to the practices described herein. If you do not agree with the practices described in this Policy, you should not use our Services.

The “Company” bears no responsibility for data collected by companies and websites that are not under its control or with which it does not cooperate. While browsing our website, any hyperlinks that direct you to other websites are beyond the control of the “Company” and, for this reason, we cannot guarantee the protection of your data by them, nor do we bear responsibility for their possible non-compliance.

3. Data Controller Information

The company with the registered name “CRYSTAL IONION MON IKE “ and with the website “crystalionion.com”, based in Kefalonia at Asklipiou 16, Sami Kefalonia Greece, is the Data Controller of the Personal Data you have provided to us or that we collect about you, in accordance with this Privacy Policy.

For any questions or clarifications regarding the Terms of Use and the Personal Data Protection of the “Company”, you can contact Mr. Pericles Rassias by phone at +30 6984-700603 or via email at info@crystalionion.com.

4. Data Collection

Possible methods of data collection include:

  • Direct collection of information from you during your visit and transaction at our online store www.crystalionion.com, communication via email, short messages (SMS), internet telephony applications (Voice over IP, e.g., Skype, Viber), viewing our online content, subscribing to our Newsletter, or using other services we offer.
  • Third-party information: The personal data we collect may be combined with publicly available information that you provide through your own websites, social media profiles, newsletters, transaction documents, business cards, etc. Additionally, we may receive data from other publicly available databases, such as business and telephone directories, to contact you.
  • The “Company” does not process Personal Data related to individuals under 15 years of age. We are grateful for any action you take to ensure that your children do not send us personal data without your consent (especially via the internet). If, however, we receive such information, you can contact the “Company” to arrange for the deletion of this information.

 

5. Types of Data We Collect

The data we collect from you is limited to what is necessary for the performance of the agreed processing. The personal data we are required to collect include:

  • Contact Information (e.g., surname, first name, phone number, residential address, email)
  • Personal Details (e.g., date of birth)
  • Billing Information (e.g., VAT number)
  • Inquiries and comments made during or after the provision of our services.

We collect and store the content of emails, SMS, internet telephony messages (e.g., Skype, Viber), or social media applications when necessary for the execution of our transactions and communication before and during the execution of our service agreement. We also store the content of facsimiles (faxes) you may send to us.

Upon entering our website, personal data such as the IP address of your device, the date and time of access, the name and URL of the file requested, the referrer-URL of the site/application from which access was made, the browser you use, your operating system, and the name of your access provider may be automatically transmitted from your terminal browser without any action on your part.

If you are our Supplier, we will collect and process the Personal Data necessary for the supply of your goods or services, the management of our contract, and the payment of your services.

Providing us with Personal Data is primarily a contractual obligation or a requirement for concluding a contract, and in some cases, it is a legal obligation. If you choose not to provide us with the Personal Data mentioned above, we may not be able to provide you with our services.

6. Purpose of Processing Your Personal Data – Legal Basis for Processing

We process personal data only when we have a lawful reason to do so, specifically when the processing is necessary for the execution of the contract between us, the provision of the services you request and wish to receive from us, the overall execution and compliance with our legal obligations, and the exercise of our legal rights.

We use and process the personal data we collect, even in combination with other data, in order to:

  • Execute and complete our transactions with you and provide quality services to our customers in an appropriate manner. The legal basis for data processing is the Execution of a Contract with the customers of the “Company” (Article 6, paragraph 1, point (b) of the GDPR).

 

  • Process our payments and obligations. We use billing information, invoices, and payment details exclusively to receive payment for our products and services, through a cooperating accounting firm bound by confidentiality and privacy agreements. The legal basis for data processing is the legitimate interest of the “Company” (Article 6, paragraph 1, point (f) of the GDPR).

 

  • Provide you with interesting offers and updates on new services, products, and market trends, as well as our presence at exhibitions and events. Our “Company” only uses your email address to send informational material and does not use the content of your emails, conversations, etc., for advertising purposes. The legal basis for data processing is the legitimate interest of the “Company” (Article 6, paragraph 1, point (f) of the GDPR).

 

  • Communicate with you. We use the data we collect to communicate with you via telephone, email, letter, SMS, and other means, to inform you about the product and service you request from us, notify you of any pending issues, or request additional information regarding your inquiry. The legal basis for data processing is the legitimate interest of the “Company” (Article 6, paragraph 1, point (f) of the GDPR), which arises from the purpose of our communication.

 

  • Improve our relationship with you. We use communication records to better understand the issues that concern you and to diagnose any errors and problems promptly, thereby improving and strengthening the quality of our transactions and our relationship with you. The legal basis for data processing is the legitimate interest of the “Company” (Article 6, paragraph 1, point (f) of the GDPR).

 

  • Protect ourselves from risks, protect you from such risks, and resolve any disputes. We use data for the security and protection of our products and customers, as well as for detecting and preventing fraudulent actions and resolving disputes in cases of abnormal contract developments. The legal basis for data processing is the legitimate interest of the “Company” (Article 6, paragraph 1, point (f) of the GDPR).

 

  • Comply with the provisions of applicable national or European Union legislation. The legal basis for data processing is compliance with a legal obligation of the “Company” (Article 6, paragraph 1, point (c) of the GDPR).

 

  • Upon your explicit and unreserved consent, we will proceed with the collection, retention, and processing of special categories of personal data (sensitive data) that you voluntarily provide to us, in order to accommodate particular and specific needs (e.g., access to rooms specially designed for persons with mobility disabilities, special transportation methods, allergies, special diets, etc.) and your preferences (e.g., dietary choices, habits, etc.).

7. Your Marketing Choices

We may use your data to promote our products and services to you. We respect your choices regarding how you wish us to communicate with you for marketing purposes.

  • Specifically, regarding email messages used for the direct promotion of products and services similar to those you have already received from us, the “Company” complies with the privacy rules related to Personal Data Protection and privacy in the field of electronic communications (Law 3471/2006), which prevails over the General Regulation (EU) 679/2016 as a more specific regulation. Under this provision, we will use the contact email addresses lawfully obtained during the sale of products or services or other transactions with you for the direct promotion of similar products or services or for similar purposes. If you disagree with the use of your contact details for this purpose, you have the right to expressly object to the collection and use of your electronic contact information by visiting: info@crystalionion.com.
  • If you choose to subscribe to our Newsletter, you provide contact details so that we can send you informational content via email, which you select by entering your email address in the appropriate field on our website or by giving us your explicit consent through a relevant form.

8. Cookies, Beacons, and Similar Technologies

As you browse a website, certain information may be collected passively (i.e., gathered without you actively providing it) through various technologies and means, such as Internet Protocol addresses, cookies, Internet tags, and navigation data collection. We, as well as certain third parties providing content, advertisements, or other features on our Services, may use such technologies in certain sections of our Services.

For more information, you can refer to our Cookie Policy and check the Cookie Settings Table for detailed information about the cookies and other tracking technologies used on our website www.crystalionion.com.

9. Social Media Links / Social Media Plugins

Our website includes links to social media platforms such as Facebook, Twitter, Instagram. HTML links are integrated into our website, allowing easy access to social media platforms. When you click on one of these buttons, a browser window opens, directing you to the respective service provider’s website, where you can (after logging in) use, for example, the “Like” or “Share” button or send us an electronic message.

For more information about the purpose and extent of data processing and the further use of your personal data by these providers and their websites, as well as your rights and possible settings to protect your privacy, please refer to the data protection information of the respective service provider.

Facebook: http://www.facebook.com/policy.php

Twitter: https://twitter.com/en/privacy

LinkedIn: https://www.linkedin.com/legal/impressum

Pinterest: https://policy.pinterest.com/en/privacy-policy

Google: https://policies.google.com/privacy?hl=el

 

10. Third-Party Access to Your Personal Data

The data we collect from you is not transferred, sold, rented, or otherwise disclosed to unauthorized third parties without your prior notification and related consent.

The recipients or third parties to whom we may disclose personal data primarily include the following:

  • To provide you with the best possible service, we grant access to all or strictly defined categories of your personal data to the appropriate and authorized personnel within our organization.

 

  • We may also share your personal data with affiliated companies, agents, or service providers who work for us or provide services to us, such as courier companies, postal service providers, accountants, IT subcontractors, companies that send mass emails on our behalf, banks, law firms, etc.

 

  • We may also share personal data with third parties upon your request or with your explicit consent.

 

  • To the extent required or permitted by law, we may share your information with government bodies, courts, dispute resolution entities, supervisory and regulatory authorities, for compliance with applicable laws, in cases where we believe this would be permitted or required by law or regulatory or legal process, or to defend our interests, rights, or property or those of others. Finally, we may share your information with other parties involved in disputes, including disputed transactions, e.g., a disputed credit card purchase transaction.

 

  • We may share your data with another business entity in the event of our merger or acquisition by that entity. In such a case, we will make every effort to ensure that this privacy policy is followed by the new entity with full respect for your personal data. If your data is to be used for a different purpose, we will ensure timely notification to you regarding this and the exercise of your rights.

 

  • If we transfer your personal data outside the “Company” to third parties who assist us in providing some of our services or support our business activities as described in this policy, we make sure to obtain contractual commitments (such as contractual clauses) from them for the protection of your personal data.

11. Retention of Your Personal Information

We retain the data we collect for as long as necessary to fulfill our contractual obligations to you and to comply with other legal obligations, such as tax and system security obligations.

Generally, we will retain your data for as long as you maintain a contractual relationship with us, whether in paper or electronic form, and if for any reason this relationship is terminated, we will store the data for as long as necessary until the limitation period for any potential claims expires.

If you have given us your consent for a longer retention period, we will retain the data according to your instructions.

12. Information Security

The “Company” has implemented reasonable organizational and technical measures to protect the personal data it collects in relation to its Services, especially any sensitive personal data collected. Our IT partners follow international standards and practices to ensure the security of our facilities and the encryption of data.

However, while we take reasonable steps to protect your personal data, security cannot be absolutely guaranteed against all threats.

13. Your Rights

Under the Personal Data Protection legal framework, you have the following rights:

  • Right to Information: You have the right to be informed about the collection and use of your personal data.

 

  • Right of Access: You have the right to receive confirmation from the “Company” as to whether or not personal data concerning you is being processed, and, if so, you have the right to access the personal data in a concise, clear, transparent, and easily accessible format.

 

  • Right to Rectification: You have the right to request, and the “Company” will ensure, without undue delay, the correction of inaccurate or incomplete personal data, including through a supplementary statement.

 

  • Right to Erasure: You have the right to request the “Company” to delete the personal data concerning you without undue delay, and we are obligated to proceed with the deletion, under the conditions defined by law.

 

  • Right to Restrict Processing: You have the right to request the “Company” to limit processing activities to specific purposes, under the conditions defined by law.

 

  • Right to Object: You have the right to object, at any time and for reasons related to your particular situation, to the processing of personal data concerning you. The “Company” will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

 

  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to request the transmission of these data to another data controller without hindrance, under the conditions defined by law.

 

  • Right to Withdraw Consent: If the processing of your personal data is based on your prior consent for one or more specific purposes, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.

All information provided under Articles 13 and 14 and any notifications and all actions taken under Articles 15 to 22 and Article 34 are provided free of charge. If the data subject’s requests are clearly unfounded or excessive, especially due to their repetitive nature, the “Company” may either:

  1. a) Charge a reasonable fee, taking into account the administrative costs of providing the information or communication or performing the requested action, or
  2. b) Refuse to act on the request.

The “Company” does not subject your Personal Data to automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

The “Company” will comply with your request in accordance with the conditions defined by law. The exercise of a right granted to you by law does not always imply the possibility of full satisfaction, especially when there are other legal provisions that limit it. If we are unable to fulfill your request, we will inform you of the reasons.

14. How to Exercise Your Rights

The “Company” respects your rights to your personal data and facilitates their exercise. You can address any request, question, or complaint regarding your personal data by contacting Mr. Pericles Rassias by phone at +30 6984-700603 or via email at info@crystalionion.com.

We will respond to your request within thirty (30) days from the date of receipt. If an extension of the above deadline is required for the investigation and/or processing of your request, we will inform you accordingly, explaining the reasons for the extension.

In any case, if you feel that your personal data protection has been violated in any way, you have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

15. Processing for Other Purposes

The “Company” may process personal data for purposes other than those for which the personal data was collected. In such a case, we will provide you with all necessary information regarding the new purpose before the potential further processing, along with any other relevant information.

16. Updates

This Policy may be amended in accordance with applicable legislation or to achieve best practices. We will announce any changes to our Policy to ensure that you are informed of any updates. By accessing or using our Services after we have posted such an updated version of the Policy, you agree to the new practices contained in the update. The most recent version of the Policy will always be available on the “Company” website, www.crystalionion.com.

A printed version of this Policy can be sent to you upon request by contacting our “Company.”

17. Questions and Contact

For any questions regarding this Policy or in general regarding the protection and security of your data within the “Company,” please contact us at the following address:

CRYSTAL IONION MON IKE – crystalionion.com

Address: Asklipiou 16, Sami Kefalonia Greece

Phone: +30 6984-700603

Email: info@crystalionion.com