Call Orders +30 6949109589 | Next Working Day Delivery in Europe.
This section describes the process by which we manage your personal data. FENOMILANO ensures full compliance with the principles of the General Data Protection Regulation (GDPR), which relate to the data we receive from our customers and visitors to our website.
The General Data Protection Regulation ( GDPR) has been applicable in the countries of the European Union since 25 May 2018. It introduces new rules on privacy notices, as well as on the processing and safeguarding of personal data.
Who do we share your data with?
We use third party services (data processors) on our websites to collect your data. The extent to which your data is shared with these providers depends on your use of our services and we specifically mention them (with links to their privacy policies) in the sections below.
Each third-party service we use has been reviewed by our security team to ensure that their privacy policies and practices meet or exceed the same levels of compliance and standards that we follow. Where necessary and available, we maintain additional signed privacy agreements with these companies as an additional layer of accountability to ensure that your data is secure.
We disclose potentially personally-identifying and personally-identifying information only to our employees and affiliated organizations that (i) need to know this information in order to process it on our behalf or to provide services; and (ii) which they have agreed in writing to safeguard.
If we ever make subsequent transfers of your data to third parties for a purpose other than that for which it was originally collected or subsequently authorised by you, we will provide you with an opt-out option to limit the use and disclosure of your personal data.
When visitors leave comments on the site, we collect the data that appears on the comment form, as well as the visitor’s IP address, to help detect spam through Akismet, a service of Automatic.
Please be advised that all information sent to the service is encrypted using our SSL security key.
There are 4 different types of cookies:
- Functionality Cookies
Allow the performance of basic functions of the site, such as adding products to the shopping cart and storing products in the W
- Preference Cookies
These cookies “remember” your preferences when you browse our site so that we can recommend the right products based on your needs.
- Advertising Cookies
With advertising cookies we aim to show you ads relevant to your interests so that we do not bother you with unwanted messages.
- Statistics Cookies
They enable usto evaluate the effectiveness of the various functions of our site, so that we can continuously improve the experience we offer you.
If you leave a comment on our site, you can choose to have your name, email address and website saved in cookies. This is for your convenience, so that you don’t have to fill in your details again when you leave another comment. These cookies last for one year.
If you have an account and log in to this site, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie does not contain any personal data and is discarded when you close your browser.
When you log in, we will also create several cookies to store your login information and screen options. Login cookies last for two days and screen options cookies last for one year. If you select “Remember me”, your connection will remain active for two weeks. If you log out of your account, the login cookies will be removed.
What personal data do we collect and why do we collect it?
In order to manage your registration and the execution of your orders via e-shop, we collect first of all basic personal data, such as name, telephone number, email, address, region, postal code and others. In addition, for the processing of the order, we also collect financial data such as credit card number and invoice details in case of invoicing.
Analytics / Statistics
We also use the Facebook Pixel to help us with marketing campaigns we run from time to time. You can see the Facebook policy below.
Hosting and backups
All backups are managed by the Qbrains Complete Digital Agency team and stored on the Amazon Web Services platform located in various locations around the world and in third party Private N.A.S. Farms facilities. You can see Amazon’s policy here While you can also see here for the service regarding the organization of data backup.
We do NOT collect
- Financial information from a payment service provider
- Sensitive information
We ask that you do not send or disclose sensitive personal information (such as social security numbers, information about your racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) to us through our Company Services or otherwise.
We do not collect or store your credit/debit or pre-paid card number.
What rights do you have to your data?
You can request that any personally identifiable data we have about you be deleted. Of course, this excludes data that we need for administrative or security purposes or if we are required by law to retain some of the data.
A person seeking access or seeking to correct, amend or delete inaccurate data should direct their query to [email protected] and the FENOMILANO team will answer you immediately. For personal data concerning your order details and data such as name, surname, address, etc. you can go to Account and change them from there.
PERIOD OF RETENTION OF PERSONAL DATA
All personal data are kept for a predetermined period of time depending on the purpose of processing, at the end of which the personal data in question are deleted from our databases. The personal data you provide to our company through this website will be kept for as long as you wish to enjoy our services and relevant updates as described above, with the possibility of course to withdraw your consent at any time. A reasonable retention period for your personal data is five years from the completion of the sales contract.
How do we protect your data?
The safety and reliability of our services is our top priority. We invest heavily in training our staff and infrastructure to ensure that best practices are followed in everything we do.
Prevention is better when it comes to safety, and as a first step, we have internal review processes in place, as well as quality assurance procedures specifically designed to prevent potential safety risks in our services. Each employee and contractor goes through background checks and an onboarding process, which includes a trial period where access to client data is only granted when working under the supervision of another staff member.
All staff have access only to systems that are directly required for the completion of their tasks. We use dual-factor authentication for all critical systems and communication services. We automatically record all staff activity using internal logging tools.
Wherever personal data is entered on our website (address, email, name, name, phone numbers etc.) it is encrypted via a secure security certificate with 2048Bit Encryption (SSL). Personal data such as (passwords, & email accounts) are stored in our database encrypted (hashed).
What data breach procedures do we have in place?
In the event that an event occurs where our customers’ data is lost, stolen or potentially compromised, our policy is to notify our customers by email no later than 24 hours after our team becomes aware of the event. We will also report this incident to the competent data protection authority and will take all necessary steps to assist our members in obtaining new security codes.
For all transactions made by credit or debit card users we have chosen to work with Everypay.
Recognizing the importance of the security of electronic payments, EveryPay is a licensed Payment Institution by the Bank of Greece (decision no.280/3/23-7-2018 GGC B 3010/25-7-2018), and manages card payment transaction data securely, in accordance with the regulatory framework of the card transaction security management standard.
Everypay is certified according to the Card Transaction Management Security Assurance Standard (PCIDSS). All Everypay services are done through secure connections with 256 bit SSL certificates.
EveryPay also supports the possibility of using the 3D Secure service, an additional security feature for VISA & MasterCard. The Payer will then have to enter his/her personal secret code to successfully complete the transaction.
Date of last review: 11 June 2020