The personal data protection policy aims to highlight the lawful collection, processing and use of your personal data by the company with the distinctive title “KRYSTALIS K. VASILEIOS”, located in Thessaloniki, at 17 Antigonidon Street, in whatever capacity you communicate or cooperate with us. If you have any questions about our privacy policy, you can contact us at [email protected]. or call us at 2310 520770, Monday to Friday 10:00 -21:00 & Saturday 10:00-15:00.

This section describes the process by which we manage your personal data. FENOMILANO ensures full compliance with the principles of the General Data Protection Regulation (GDPR), which relate to the data we receive from our customers and visitors to our website.

The General Data Protection Regulation ( GDPR) has been applicable in the countries of the European Union since 25 May 2018. It introduces new rules on privacy notices, as well as on the processing and safeguarding of personal data.

Who do we share your data with?

We use third party services (data processors) on our websites to collect your data. The extent to which your data is shared with these providers depends on your use of our services and we specifically mention them (with links to their privacy policies) in the sections below.

Each third-party service we use has been reviewed by our security team to ensure that their privacy policies and practices meet or exceed the same levels of compliance and standards that we follow. Where necessary and available, we maintain additional signed privacy agreements with these companies as an additional layer of accountability to ensure that your data is secure.

We disclose potentially personally-identifying and personally-identifying information only to our employees and affiliated organizations that (i) need to know this information in order to process it on our behalf or to provide services; and (ii) which they have agreed in writing to safeguard.

If we ever make subsequent transfers of your data to third parties for a purpose other than that for which it was originally collected or subsequently authorised by you, we will provide you with an opt-out option to limit the use and disclosure of your personal data.


When visitors leave comments on the site, we collect the data that appears on the comment form, as well as the visitor’s IP address, to help detect spam through Akismet, a service of Automatic.

An anonymous string generated from your email address (also called a hash) may be sent to the Akismet service to verify that you are using it. The Akismet privacy policy is available here. After your comment is approved, your profile picture is visible to the public within your comment.

Please be advised that all information sent to the service is encrypted using our SSL security key.



A cookie is a piece of information that a website stores on a visitor’s computer and that the visitor provides to the website each time the visitor returns to it. We use cookies on all of our websites to help identify and track visitors, their use of our services and their preferences on our website. Visitors who do not wish to place cookies on their computers should set their browsers, refuse cookies before using our websites, or on their first visit click on the cookies they wish to enable, with the disadvantage that some features may not function properly without the help of cookies.

There are 4 different types of cookies:

  • Functionality Cookies
    Allow the performance of basic functions of the site, such as adding products to the shopping cart and storing products in the W
  • Preference Cookies
    These cookies “remember” your preferences when you browse our site so that we can recommend the right products based on your needs.
  • Advertising Cookies
    With advertising cookies we aim to show you ads relevant to your interests so that we do not bother you with unwanted messages.
  • Statistics Cookies
    They enable usto evaluate the effectiveness of the various functions of our site, so that we can continuously improve the experience we offer you.

If you leave a comment on our site, you can choose to have your name, email address and website saved in cookies. This is for your convenience, so that you don’t have to fill in your details again when you leave another comment. These cookies last for one year.

If you have an account and log in to this site, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie does not contain any personal data and is discarded when you close your browser.

When you log in, we will also create several cookies to store your login information and screen options. Login cookies last for two days and screen options cookies last for one year. If you select “Remember me”, your connection will remain active for two weeks. If you log out of your account, the login cookies will be removed.

What personal data do we collect and why do we collect it?

In order to manage your registration and the execution of your orders via e-shop, we collect first of all basic personal data, such as name, telephone number, email, address, region, postal code and others. In addition, for the processing of the order, we also collect financial data such as credit card number and invoice details in case of invoicing.

In terms of managing promotions, we may use social media campaigns and online advertising. These service providers use cookies on our websites and/or pixel tracking to serve ads on the various platforms.

  • We use MailChimp services for email marketing. MailChimp’s privacy policy is available here.
  • Instagram’s privacy policy is available here.
  • Twitter’s privacy policy is available here.
  • Google Ads & Doubleclick, read the privacy policy here, and if you want, you can opt out here .
  • Facebook read the privacy policy here, and if you want, you can opt out here.

Email/Contact form

To process all our internal emails and communication with customers, we use Qbrains’ mail servers. The privacy policy of is available here. Customers who email us or use the contact forms on our websites will have their email address, IP address and the data provided in the contact form or email, stored in our files on our Mail Servers. We retain indefinitely all communication made via email as well as through the contact forms, so that we can provide ongoing support and improve our services. You may also, at any time, request copies of any previously stored correspondence with us.

We also use European Servers to send invoices, new orders and personal messages to our customers via a transcactional cloud service, Mailgun, encrypted with SSL/TLS from our own server and from the servers of the service. The reason we use the service is to make sure that all the emails we send go to your inbox and not to your SPAM. The mailgun privacy policy can be found here.

Analytics / Statistics

We use Google Analytics to anonymously track visitors and gather information about traffic to our websites. The Google Analytics privacy policy is available here. You can learn more about how to opt out of Google Analytics tracking here.
We also use the Facebook Pixel to help us with marketing campaigns we run from time to time. You can see the Facebook policy below.

Hosting and backups

All web servers and hosting are managed by the Qbrains Complete Digital Marketing Agency team. This includes web hosting, web databases, file storage, APIs and logs. Qbrains Complte Digital Agency’s privacy policy is available here.

CloudFlare is a web traffic optimization and distribution service provided by CloudFlare Inc. The way CloudFlare works is to filter all traffic to the Website, i.e. the communication between our own website and the user’s browser, and also allows the collection of analytical data from that website. CloudFlare’s privacy policy is available here.

All backups are managed by the Qbrains Complete Digital Agency team and stored on the Amazon Web Services platform located in various locations around the world and in third party Private N.A.S. Farms facilities. You can see Amazon’s policy here While you can also see here for the service regarding the organization of data backup.

We do NOT collect

  • Financial information from a payment service provider
    In some cases, we may use an unaffiliated payment service to enable you to purchase a product or make payments (“Payment Service”), such as the Everypay credit card service and Paypal. If you wish to purchase a product or make a payment through a Payment Service, you will be directed to a Payment Service website. Any information you provide to a Payment Service will be subject to the Payment Service’s privacy policy and not this Privacy Policy. We have no control over and are not responsible for any use, by the Payment Service, of information collected through any Payment Service.Please read the PayPal’s privacy policy formore information.
    Please read Everypay’s privacy policy for more information.


  • Sensitive information
    We ask that you do not send or disclose sensitive personal information (such as social security numbers, information about your racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) to us through our Company Services or otherwise.
    We do not collect or store your credit/debit or pre-paid card number.

What rights do you have to your data?

You can request that any personally identifiable data we have about you be deleted. Of course, this excludes data that we need for administrative or security purposes or if we are required by law to retain some of the data.

A person seeking access or seeking to correct, amend or delete inaccurate data should direct their query to [email protected] and the FENOMILANO team will answer you immediately. For personal data concerning your order details and data such as name, surname, address, etc. you can go to Account and change them from there.


All personal data are kept for a predetermined period of time depending on the purpose of processing, at the end of which the personal data in question are deleted from our databases. The personal data you provide to our company through this website will be kept for as long as you wish to enjoy our services and relevant updates as described above, with the possibility of course to withdraw your consent at any time. A reasonable retention period for your personal data is five years from the completion of the sales contract.

How do we protect your data?

The safety and reliability of our services is our top priority. We invest heavily in training our staff and infrastructure to ensure that best practices are followed in everything we do.

Prevention is better when it comes to safety, and as a first step, we have internal review processes in place, as well as quality assurance procedures specifically designed to prevent potential safety risks in our services. Each employee and contractor goes through background checks and an onboarding process, which includes a trial period where access to client data is only granted when working under the supervision of another staff member.

All staff have access only to systems that are directly required for the completion of their tasks. We use dual-factor authentication for all critical systems and communication services. We automatically record all staff activity using internal logging tools.

Wherever personal data is entered on our website (address, email, name, name, phone numbers etc.) it is encrypted via a secure security certificate with 2048Bit Encryption (SSL). Personal data such as (passwords, & email accounts) are stored in our database encrypted (hashed).

What data breach procedures do we have in place?

In the event that an event occurs where our customers’ data is lost, stolen or potentially compromised, our policy is to notify our customers by email no later than 24 hours after our team becomes aware of the event. We will also report this incident to the competent data protection authority and will take all necessary steps to assist our members in obtaining new security codes.

Financial Transactions

For all transactions made by credit or debit card users we have chosen to work with Everypay.

Recognizing the importance of the security of electronic payments, EveryPay is a licensed Payment Institution by the Bank of Greece (decision no.280/3/23-7-2018 GGC B 3010/25-7-2018), and manages card payment transaction data securely, in accordance with the regulatory framework of the card transaction security management standard.

Everypay is certified according to the Card Transaction Management Security Assurance Standard (PCIDSS). All Everypay services are done through secure connections with 256 bit SSL certificates.

EveryPay also supports the possibility of using the 3D Secure service, an additional security feature for VISA & MasterCard. The Payer will then have to enter his/her personal secret code to successfully complete the transaction.

Changes to the Privacy Policy

Although most changes are likely to be of the utmost importance, we may from time to time amend the Privacy Policy, either in whole or in part, in our sole discretion.

Date of last review: 11 June 2020

My Cart
Close Wishlist