Personal Data Protection GDPR
(GDPR)
Last updated: December 4, 2025
1. Who we are (Data Controller)
Emmanuela Alavizopoulou – Emmanuela handcrafted for you, Gymnasiou 15, 57007 Chalkidona, Greece, VAT EL053866282, is the Data Controller for emmanuela.gr.
Contact: info@emmanuela.gr – T: 23910211321
If you believe we have not satisfied your request, you can contact the Hellenic Data Protection Authority (HDPA): dpa.gr.
2. What data we collect
- Identification & contact details (e.g. name, email, phone, addresses).
- Order, delivery & payment details (we do not store card details).
- Marketing preferences (only with consent).
- Online identifiers (cookies/similar technologies).
3. Purposes & legal bases
- Contract execution: order, payment, return/warranty management.
- Legal obligation: tax/accounting compliance.
- Legitimate interest: system security, fraud prevention, basic usage analysis.
- Consent: newsletter, analytics/marketing cookies, personalization/recommendations.
We do not make automated decisions with legal or similarly significant effects for you.
4. Cookies & Usage Policy
4.1 What are cookies
Cookies are small text files stored on your device when you visit our website. They help us operate properly, improve your experience, and understand how you use the site.
4.2 Categories of cookies we use
| Category | Purpose | Duration |
|---|---|---|
| Strictly necessary | Cart function, login, security. No consent required. | Session or up to 12 months |
| Analytics / Statistics | Understanding traffic, improving website (e.g. Google Analytics). | Up to 26 months |
| Marketing / Advertising | Display relevant ads (e.g. Meta Pixel, Pinterest Tag). | Up to 12 months |
| Preferences | Save choices (e.g. language, currency). | Up to 12 months |
4.3 Your choices
Analytics/marketing cookies are enabled only with your explicit consent. You can manage your preferences at any time:
- Via the consent banner on first visit
- From the "Cookie settings" link in the footer
- Through your browser settings
Note: Disabling certain cookies may affect website functionality.
4.4 Third-party cookies
Some cookies are set by third-party providers (Shopify, Google, Meta, Pinterest, etc.). For their privacy policies, please refer to the respective websites.
5. Who we share data with (indicative)
Processors & contractually bound third parties (DPA):
- e-shop platform: Shopify (hosting/support).
- Payments: Shopify Payments / PayPal, etc.
- Shipping: DHL, ELTA, etc.
- Email/CRM/Analytics/Ads: e.g. Klaviyo, Google Analytics, Meta, Pinterest.
Shopify acts as a processor and/or controller for certain customer data, under the applicable Data Processing Addendum (DPA).
6. International transfers
Transfers outside the EU/EEA may occur. We use Standard Contractual Clauses (SCCs) and, where applicable, rely on the EU-US Data Privacy Framework, which was validated by the EU General Court on 03/09/2025 (an appeal may be pending).
7. Retention periods
| Category | Retention period |
|---|---|
| Orders & tax information | At least 5 years (up to 20 years in cases of tax evasion) |
| Support communication | Up to 24 months from case closure |
| Marketing | Until consent withdrawal or 24 months of inactivity |
| Security/event logs | Up to 12 months |
8. Your rights
Access, correction, deletion, restriction, objection, portability, and withdrawal of consent. We respond within 1 month of receiving the request (with the possibility of extension up to 2 months in complex cases).
9. Request Submission (GDPR/DSAR)
Send us an email at info@emmanuela.gr with the subject GDPR Request. We may request additional information to verify identity. The competent authority for complaints is the Hellenic Data Protection Authority (HDPA) (dpa.gr).
10. reCAPTCHA
We use Google reCAPTCHA to protect against malicious form use. Its use is governed by Google's Privacy Policy and Terms of Service.
11. Security – SSL
EMMANUELA recognizes the importance of the security of your personal data and your electronic transactions. We take all necessary measures with the most modern and advanced methods to ensure your maximum possible security.
All information related to your personal data and transactions is secure and confidential. To ensure the secure and confidential transfer of data, we use 256-bit key SSL encryption protocol.
12. Changes
We may update this policy; we will always post the date of the last update.
