Sky Ark SA applies this Privacy Policy and adheres to the General Data Protection Regulation (EU) 2016/679 and other applicable European and Greek legislation. We strongly advise you to carefully read our Privacy Policy prior to making any use of our website and before providing us with your consent to store and process your personal data.

DEFINITIONS

“We” are Sky Ark SA, incorporated under the laws of Greece under general commercial registration nr. 156592722000, VAT nr.:EL801427671, headquartered at Aghia Anna, Chora Skyrou, Skyros 34007, Greece.

Regarding your personal data, we act as a “Data Controller”, according to GDPR Article 4 (7).

“You” are any person accessing or using our website or contacting us by any other means, also defined as a “Data Subject” according GDPR to Article 4 (1).

“Our Website” is https://knotshandcrafted.com, including our e-shop.

PRINCIPLES

We shall be responsible for and shall be able to demonstrate compliance with the GDPR principles. Your personal data shall be:

  • processed lawfully, fairly and in a transparent manner to you (‘lawfulness, fairness and transparency’),
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’),
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’),
  • accurate and, where necessary, kept up to date; (‘accuracy’),
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’),
  • processed in a manner that ensures appropriate security of your personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

PURPOSES AND LAWFULNESS OF PROCESSING

We may collect and process your personal data subject to at least one the following legal bases and associated purposes:

  1. you have explicitly provided us with consent to process your personal data in order to create a user account on our website, to order a product through our e-shop, to participate in a contest or for other specific purposes,
  2. processing is necessary for the preparation or performance of a contract between us, as when you enter and save your details prior to confirming you order or when you actually buy a product through our e-shop,
  3. processing is necessary for compliance with a legal obligation to which we are subject to, such as our obligation to record your contact details on our receipt or invoice for tax compliance purposes,
  4. processing is necessary in order to protect your or any other natural person’s vital interests, such as the integrity and security of your account and your stored personal data,
  5. processing is necessary for the purposes of legitimate interests pursued by us or by a third party. Such legitimate interests are the smooth and secure operation of our website, direct marketing, after-sales customer support and the improvement of products and services.

In any case, we shall keep requested personal data at the minimum possible level. Depending on the data processing purpose, your denial to provide requested personal data may prevent us from fulfilling a statutory, pre-contractual or contractual requirement.

PERSONAL DATA PROCESSING

We shall collect and process your personal data only after you provide us with your explicit consent while using our website and e-shop or when you are contacting us for any other reason. We will ask you for your personal data in the following cases:

  • When you register and open a user account on our website, we collect your email address.
  • When you register to our website with your social media profile (e.g., Facebook, Google, etc.), you provide us with access to your social media profile’s username and email address.
  • When you place an order through our e-shop or by any other means, we will ask you for your full name, delivery address, email, and a telephone number. Additional data may be required by applicable tax legislation.
  • When you contact us for information on our products, or about your order, we may ask you for your full name and contact details.
  • When you are registering to receive our newsletter, we will ask you for your email address.
  • When you participate in one of our contests, we will ask you for your full name and contact details. Note that participation to a contest shall be subject to the specific terms and conditions and privacy policy of that particular contest, which you have to accept prior to participating.
  • Depending on your chosen Cookies preferences and according to our Cookies Policy, we may collect information on your browsing activity, your preferences and your purchase orders. Such information is collected and stored anonymously.

DURATION OF PERSONAL DATA STORAGE

We will retain your personal data for the period required to fulfill the processing purposes mentioned above, or until you explicitly request from us to delete your personal data from our database, subject to the limitations prescribed in Article 17 of the GDPR. In the case where personal data processing is based on your consent, the data shall be retained until we receive your withdrawal from such consent and there is no other legal base or statutory limitation preventing us from deleting your data. Certain data (e.g., order data) may be kept anonymously or pseudonymized for the purposes of statistical analysis.

Note that we may retain your personal data until the end of a claim limitation period or until any disputed claims are resolved before mediation panels or courts. We may also retain your personal data for as long as this may be required by tax or other applicable legislation.

YOUR RIGHTS

According to Articles 15 to 22 of the GDPR and Articles 33 to 35 of applicable Greek Law 4624/2019, you have certain rights as a data processing subject. You have the right to withdraw your consent for personal data processing anytime. You have the rights to request from us access to and rectification or erasure of your personal data. You have the right to request from us to restrict processing concerning yourself as a data subject, the right to object to your personal data being processed for the purposes of legitimate interests pursued by us or by a third party, including profiling, as well as the right to data portability, where possible. You also have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects on you or affects you significantly in a similar way. These rights can be exercised subject to limitations prescribed in the legal provisions mentioned above.

In addition, you have the right to lodge a complaint with the competent data protection authority. Our supervisory authority is Hellenic Data Protection Authority www.dpa.gr.

PERSONAL DATA TRANSFERS

As part of our operations and in order to fulfill our contractual obligations, we contract web hosting, payments and delivery service providers who may have to process your personal data according to our instructions. We cooperate only with data processors who are contractually bound to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR and will ensure the protection of your personal data rights.

Your personal data are stored on hosting servers located in countries which ensure an adequate level of data protection, as defined in Article 45 of the GDPR.

We do not assume or accept any responsibility whatsoever for processing of any personal data you may provide to third parties through links provided on our website. Such parties are independent Data Controllers and so we strongly advise you to study their Privacy Policies prior to granting them with access to any of your personal data.

DATA SECURITY

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks involved for your personal data, in accordance with GDPR requirements.

Your information is processed only by authorized and qualified staff and associates which are bound by confidentiality and data protection agreements with us.

Your user account is personal and non-transferable. It is your duty to safeguard and not to disclose your user login credentials to anyone else.

PRIVACY POLICY UPDATES

We may update our privacy policy anytime and at our sole discretion. The updated policy will be displayed on this web page. In exceptional cases of major policy updates we may also notify you by email.