Privacy Policy

Introduction
We are committed to protecting the privacy of every visitor and user of our applications and website. Please spend some time to study this privacy policy in order to understand how we use and protect the personal data we collect. Any references in this privacy policy to: “Website” or “Application” mean the website https://popmarket.gr and the Pop application for mobile devices respectively. “We” or “us” or “our” mean QUICK COMMERCE SINGLE MEMBER P.C. (the “Company”) with registered offices in 67 Syggrou Ave & Zan Moreas 40B, Athens, Greece (Registry no. 159933901000). This privacy policy refers to the processing that takes place through our Website and our Application respectively. Other websites or applications that may be accessible through links found in our Website or Application are not covered by this privacy policy. If you have any questions regarding this privacy policy please contact us through the email address support@popmarket.co.

Collection and use of data 

Data we collect
Our Website and our Application may collect personal data in the following cases: a) when a user visits the website b) when a user creates a user account with our Website or Application c) when a user uses the services provided by our Website or Application as a customer d) when a user registers to any of the available Website or in-app applications such as the newsletter application e) when the user enters into available promotional/advertising campaigns or functions f) when using the Website’s or Application’s environment or function to communicate or interact with us. When accessing our Website or our Application we, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the following information:

• the browser types and versions used;
• the operating system used by the accessing system;
• the date and time of an access;
• the pages of our service that you visit;
• referrer URL (the previously visited page);
• the Internet Protocol (IP) address of your device; 

When you access our Website or Application by or through a mobile device or App, we may collect the following information:

• the type of mobile device you use;
• your mobile device unique ID;
• the IP address of your mobile device;
• your mobile operating system;
• the type of mobile internet browser;
• unique device identifiers and other diagnostic data.

When you create a user account with our Website or Application and use the respective services we collect the following information: 

• Full Name, 
• E-mail address 
• Telephone number 
• Username 
• Provided delivery address(es) 
• Delivery and invoice address(es);
• Order history data;
• Payment data (e.g. credit card, PayPal, invoices, payment history, etc.);
• Usage data (e.g. websites visited, interest in content)
• Meta/communication data (e.g. device information, IP address).
• Location data: Within the course of using our Website or Application for, the location data as collected by the device or as otherwise entered by the user are processed. The use of the location data serves only to provide the respective functionality of our Website/Application and corresponding services, according to their description to the users or its typical and expectable functionality.

Processing Purposes – Legal Basis of Processing 
In principle, we process only the data necessary for the provision of our services through our Website or Application and upon your own initiative and request such as when you register as a user or when you use our Website’s or Application’s features. We may also process your personal data on the basis of your consent, as in the cases of sending promotional material or with respect to non-essential cookies (for more information see under “Cookies” below). If your consent is revoked, any such collection and processing will cease. Lastly, processing of personal data may take place for the purpose of serving our legitimate interests.  More specifically, the data collected are being processed for the following purposes and under the following legal bases:  (a) to provide our contractual services and customer support and to provide certain features of our services as described to the users [legal basis Art. 6 para. 1 (b) GDPR]; (b) to personalize the Website and our Application for the user and deliver and optimize the content of our services appropriately [legal basis Art. 6 para. 1 (b) GDPR];  (c) to properly manage our Website and Application and ensure the long-term viability and technical security of our systems [legal basis Art. 6 para. 1 (f) GDPR]; (d) If the consent of the user is provided, to provide updates, notices, promotional material and, in general, news about the activities of our Website/Application and related services may be sent to you. In such a case, you will, at any time, immediately and without additional cost, have the opportunity to inform us that you no longer wish to receive such updates or material [legal basis Art. 6 para. 1 (a) GDPR].  (e) Finally, data collected may be processed for statistical purposes, interpretation of traffic, visitor origin, public preferences, etc. Such processing shall be carried out only on a depersonalized basis of statistical nature, in such a way that it is no longer possible to identify by any such information a particular person.  Cookies Cookies are small text files that are placed on your computer by the websites you visit. They are widely used to make websites functional or to operate more efficiently, as well as to provide information to the owners of websites. They allow us to give you the best possible browsing experience and have a way to understand how you use it. Some cookies have already been set. You can delete and block cookies, but parts of our website will not work without them. By using our Website or Application you accept the use of these cookies.

Use of cookies 
We use cookies on our Website and Application as it is easier for you to log in and use them during future visits. They also allow us to monitor the traffic of our Website and Application, to enhance functionality and to tailor the content for you. You can set your computer to reject cookies, but if you do this you may not be able to use certain features of our Website or Application. 

Types of cookies we use
Like most major websites and applications, we may use cookies that are distinguished according to the following categorizations: 

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser.  
• Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used for range measurement or marketing purposes can also be stored in such a cookie. 
• First-Party-Cookies: First-Party-Cookies are set by ourselves. 
• Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information. 
• Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons). 
• Statistics, marketing and personalization cookies: Cookies are also generally used to measure a website’s reach and when a user’s interests or behavior (e.g. viewing certain content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as “tracking”, i.e. tracking the potential interests of users. Most Web browsers allow most cookies to be managed through browser settings. To learn more about cookies, including how to see which cookies have been placed on your computer and how to manage and delete them, visit the www.allaboutcookies.org page. 

In any case, during your first visit to our website we ask you to provide us with your consent to the use of cookies where you will able to include or exclude yourself different kind of cookies (opt-in), to the extent that they are not necessary for the basic operation of our Website or Application. You may also at any time, immediately and without additional cost, using the same method described, revoke any prior consent you have given regarding cookies, either wholly or partially. 

Recipients of data
The Company does not disclose your data in any way and will not transfer or disclose in any way your personal data and information to third parties, commercial or business partners, without the prior Information and consent, except in the cases mentioned herein.  Your personal data regarding your activity and preferences on our Website or Application may be shared with our web host provider and other IT service providers, including cloud providers for data storage purposes, companies that analyze our Website’s or Application’s performance and companies that provide map location services.  The personal data of users may be shared with third-party support services, such as communication services providers, payment providors or other support services providers. These recipients will take the same measures as us to protect personal data and process the data only in the context of our explicit and written mandates. We always control our partners to ensure that they comply with the highest standards of data protection.  We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or otherwise a legal basis is present. Finally, we may communicate data to public authorities in compliance with legal obligations. Also, we may be forced to disclose data through a binding order of public authorities or law enforcement authorities or in compliance with a court order or equivalent binding act.

Data transmission outside the European Economic Area (“EEA”)
In some cases, the personal data collected from you may be processed outside the European Economic Area (“EEA”). These countries may not have the same level of data protection as the EEA. However, we are obliged to ensure that the personal data processed by us and our partners outside the EEA are protected in the same way as if they were processed within the EEA. Therefore, if your data is processed outside the EEA, there are certain safeguards in place. We ensure similar protection by ensuring that at least one of the following safeguards is in place: 

• Your Personal Data will be transferred to countries whose level of data protection is considered appropriate by the European Commission according to art. 45 GDPR; 
• We use the standard contractual clauses approved by the EU; 12 
• An exception as set out in art. 49 GDPR; 
• Other safeguards as specified in art. 46 GDPR.

Retention time
Subject to more specific provisions of this policy, the data shall be stored by us only for as long as is necessary to fulfill the purpose of the processing. In addition, data may be stored if this has been provided for by the European Union or national legislator in regulations, laws or other provisions to which the person responsible is subject. The duration of the data storage depends on the statutory storage obligations and is generally up to 10 years. Data regarding your user registration and activity are generally retained for as long as you remain a user of our Website or Application. Personal data of non-registered users of our Website are retained for a maximum period of two (2) years after their last interaction with our website.  Unless we provide you with explicit information on the retention period of permanent cookies, the retention period is as long as it is necessary to achieve the purpose of the processing or until your consent is revoked (where consent is applicable). Data regarding your inquiries and communications will be retained for as long as is necessary to fulfill your requests and no more than one (1) year.  The data regarding your subscription to a newsletter will be retained until we receive a request to deactivate your registration. 

Security and confidentiality of personal data
We have made considerable efforts to take all preventive measures to maintain the confidentiality and security of personal data and to prevent their distortion, damage, destruction and unauthorized transmission or disclosure of any kind. Technical and organizational security measures in place include state of the art technology and best practices in managing your data. We also maintain appropriate administrative, technical, and physical safeguards designed to protect the personal information you provide from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, the company cannot control the risk associated with the operation of the Internet and therefore you should pay attention to the existence of potential risks related to its use and operation. Unfortunately, the transmission of data over the internet is not completely secure. Although we take steps to protect your personal data, we cannot guarantee the security of the information you transmit to us and any transmission is at your own risk.

Your Rights and options
According to data protection legislation, you may have a number of rights regarding the data we hold about you. If you wish to exercise any of these rights, please contact us at the contact details set out below. 

1. a) The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your data and what your rights are according to the provisions of art. 13 and 14 GDPR. For this reason, we provide you with the information in this Data Protection Notice. 
2. b) The right of access. You have the right to access your data (if we process it) according to the provisions of art. 15 GDPR. This will enable you, for example, to check that we use your data in accordance with data protection law. 
3. c) The right to rectification. You have the right to have your data corrected if it is inaccurate or incomplete according to the provisions of art. 16 GDPR. You may request that we rectify any errors in the data we hold. 
4. d) The right to erasure. This “right to be forgotten” enables you to request the deletion or removal of certain data that we have stored about you according to the provisions of art. 17 GDPR. This right is not absolute and only applies in certain circumstances. 
5. e) The right to restrict processing (blocking of data). You have the right to “block” or “restrict” the further use of your data according to the provisions of art. 18 GDPR. If processing is restricted, we may still store your data, but will not process it further. 
6. f) The right to data portability. You have the right to obtain your Personal Data in an accessible and transferable format so that you can re-use it for your own purposes across different service providers according to the provisions of art. 20 GDPR. However, this is not an absolute right and there are exceptions. 
7. g) The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with a competent data protection authority according to art. 77 GDPR. 13. Data Protection Authority for Greece is Personal Data Protection Authority -ΑΠΔΠΧ, 1 Kifisias Ave. – 115 23 – Athens, Tel. 210 6475600.
8. h) The right to withdraw consent. You have the right to withdraw any consent given to us (if we rely on the consent as a legal basis for the processing of certain data) at any time with effect for the future according to art. 7 GDPR. The legality of the processing carried out on the basis of the consent prior to the withdrawal remains unaffected. 
9. i) The right to object to processing. You have the right to object to the processing of Personal Data concerning you based on art. 6 para. 1 e or f GDPR according to art. 21 GDPR. This also applies to direct marketing and related profiling. 

We do not use any means of automatic decision making or profiling. In order to exercise any of your rights, as well as any for any information or clarification regarding them and the conditions of their exercise, you should contact us in the electronic address privacy@popmarket.co or via mail at the address: 67 Syggrou Ave & Zan Moreas 40B, Athens, Greece. Our representatives will provide you with any further information and guidance on the steps you need to take. 

Changes to this policy
We kindly ask you to inform yourself regularly about the contents of our data protection policy. We will adjust this data protection policy as changes in our data processing practices render this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification. If we provide addresses and contact information of companies and organizations in this data protection policy, we ask you to note that addresses may change over time and to verify the information before contacting us.