CUSTOMER PRIVACY POLICY
Effective Date: 24.11.2025
1. Introduction
PPHAIAX S.A. (the “Company”) with registered office in Corfu, Greece (with Tax Identification Number (TIN) 094262534 and General Commercial Registry (G.E.MI.) number 121557633000) as “data controller”, provides the following information about the processing of our customers’ and e-shop visitors’ personal data, in accordance with the General Data Protection Regulation (GDPR) and Greek law.
Pursuant to the GDPR, “personal data” means any information that identifies -directly or indirectly- a natural person (hereinafter “user” for the purposes of this policy) and “processing” means the collection as well as any subsequent operation of personal data (recording, organisation, storage, disclosure, erasure etc.).
2. Categories and sources of personal data
(a) Data provided directly by you, when you fill in our online order form and create your account, or otherwise interact with us. Such personal data includes your first and last name, email address, delivery address, telephone number, credit card information and details of purchases.
(b) Browsing data that is collected automatically by all websites and whose transmission is inherent to the use of Internet communication protocols (“log data”). Log data includes your IP address, the domain names of your device, the uniform identifiers of resources requested (URIs), the time of the request, the method used to submit the request to our server, the size of the files obtained in response, the status code of the server’s reply (successful, error, etc.) and other parameters concerning your operating system and computing environment. This information is not collected for the purpose of identifying users, but rather to obtain anonymous statistical information on the use of our website and to ensure its proper operation.
(c) Data collected through cookies and similar technologies. This site uses technical cookies to ensure its efficient functioning and, subject to your consent as indicated in the Cookie Settings, profiling, analytics and social cookies, as well as additional functionalities such as plug-ins and/or buttons. For further information please read our Cookie Policy.
3. Purpose of the processing
We will process your personal data for the following purposes:
(a) Order management and fulfilment: processing and confirming product purchases made through the e-shop, including communication regarding orders, payments, invoicing, and delivery;
(b) Customer service: handling requests, returns, exchanges, complaints, or inquiries related to the e-shop or purchased products;
(c) Payment processing: verifying and completing secure online transactions through authorized payment providers;
(d) Shipping and logistics: preparing, dispatching, and tracking product deliveries;
(e) Legal and compliance purposes: maintaining records for tax, accounting, and consumer protection obligations;
(f) Marketing and communication: sending promotional material, offers, newsletters, or updates related to The Dolli and the Grecotel Group, subject to your consent provided here.
4. Legal bases for the processing
The legal basis for the processing of the personal data referred to in the above section “Purpose of the processing” is:
• with reference to points (a), (b), (c) and (d) Article 6(1)(b) of the GDPR that reads as follows: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”;
• with reference to point (e), Article 6(1)(c) of the GDPR that reads as follows: “processing is necessary for compliance with a legal obligation to which the controller is subject”;
• with reference to points (f) and (g), your consent, pursuant to Article 6(1)(a) of the GDPR that reads as follows: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
5. Disclosure of data
Your personal data is accessible to authorized employees of the Company on a need-to-know basis and will be disclosed to third-party service providers registered in the European Union, including website analytic services, hosting, transaction and payment processing, promotional campaign management, shipping of goods, IT maintenance, etc.
All the aforementioned recipients act as “data processors” pursuant to Article 28 of the GDPR and process the personal data only on documented instructions from the Company, including a contractual obligation to implement appropriate security measures to protect the personal data shared with them and to process such data solely within the scope of the work outsourced.
6. Retention period
We keep your personal data for as long as required to carry out the purposes for which it was collected, unless the applicable laws provide for longer periods; or until you revoke your consent if applicable. After the conclusion of such periods and where there is no legal or business purpose for retaining your personal data, it will be automatically and permanently erased or made anonymous.
Specifically, we will retain the following categories of personal data for the duration indicated respectively:
• purchase data will be retained until payment is confirmed and for the subsequent five (5) years from the last purchase, for administrative purposes;
• data related to user requests addressed to our customer service department will be retained until the request is resolved;
• data processed for marketing purposes will be kept for a period of two (2) years;
• data collected through cookies and similar technologies will be kept as detailed in Cookie Settings.
7. Transfer of personal data to third countries
In the case of transfer, storage or other type of processing of personal data, the Company will implement appropriate measures to protect it. Furthermore, in the case of the transfer of personal data outside the European Economic Area, the Company assesses the level of protection and uses standard contractual clauses approved by the European Commission or adopts other measures in accordance with the European Union law to ensure adequate protection.
8. Your rights
Please note that you have the right to request from the Company access to, rectification or erasure of your personal data, the restriction of processing or to object to the processing, as well as the right to data portability as provided in the GDPR, and the right to withdraw any consent you have given, without affecting the lawfulness of processing based on consent before its withdrawal.
If you wish to exercise the aforementioned rights, or if you have any queries regarding this Privacy Policy, please contact us (free of charge) by writing to the following addresses: [email protected]
9. Revisions
The Company reserves the right to amend this Privacy Policy at any time. The Privacy Policy currently in force is the one published on our website.