Introduction

 

The company under the name "KOUKOVINOS – FINANCIAL CONSULTANTS LIMITED LIABILITY COMPANY," with the distinctive title "KOUKOVINOS – FINANCIAL CONSULTANTS L.L.C.," headquartered in Kerameikou 4, Athens 10437, Greece, with VAT number 999722992 – Tax Office of Cholargos, with email address info@koukovinos.com, and website www.koukovinos.com (the "Company"), duly represented, takes the privacy of its customers and users very seriously and undertakes to fully comply with applicable law (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on Data Protection – hereinafter "GDPR"). This document ("Privacy Policy & GDPR") provides information on how personal data collected by the Company through its offices, employees, and associates is processed and constitutes a privacy notice to data subjects in accordance with Article 13 of the GDPR. Specific privacy notices are typically published in the sections of the Website where users' personal data is collected and are, in any case, supplemented by this Privacy Policy.

​

Data Controller

 

The data controller is the aforementioned company under the name "KOUKOVINOS – FINANCIAL CONSULTANTS LIMITED LIABILITY COMPANY," with the distinctive title "KOUKOVINOS – FINANCIAL CONSULTANTS L.L.C.," at the contact details provided above (the "Data Controller").

 

The Data We Process

 

The following data may be processed: general personal data that you may provide when receiving a service from the Company, its employees, or its associates, as well as when using the Website's features, including browsing data or requests for services offered on the Website (e.g., participation in contests or other initiatives available at the Company’s offices or on the Website, use of applications, information requests, and reports submitted via contact forms, etc.), as well as data collected from cookies.

​

Cookies

 

For a better browsing experience on the Website, cookies are used. Cookies are small text files stored on your computer that contain various preferences related to the operation of the Website. Sensitive personal data is never stored or processed through cookies. Upon entering the Website, you accept the use of cookies by responding to the relevant notification displayed on your screen. You can disable cookie storage via your browser settings or delete existing cookies. However, in such cases, some parts of the Website may not function properly.

​

Why and How We Process Your Personal Data

 

With your consent, which is obtained through acceptance of this policy and, in any case, by receiving any service from the Company (including its employees and associates) following your request, the Company may process your general personal data to ensure that you can benefit from the available services and features and optimize their performance, gather statistical data regarding their usage, manage requests and reports received through its offices, employees, and associates, or via the Website, and manage your registration in restricted-access areas and initiatives (e.g., contests) available at the Company’s offices or on the Website, in accordance with Article 6(1)(a) of the GDPR. By accepting this policy and conducting any service transaction with the Company (which inherently requires acceptance of this policy), you consent to the Company using your personal data for the execution, completion, and invoicing of the services provided to you by the Company and its employees and associates.

 

The Company may also process your personal data to comply with legal obligations arising from laws, regulations, and European Union legislation, pursuant to Article 6(1)(c) of the GDPR. Additionally, your general personal data may be used for marketing activities, such as sending promotional material or commercial communications regarding the Company's services to your provided contact details via traditional methods (e.g., mail, telephone) or automated means (e.g., internet communications, fax, email, text messages, mobile applications, social media accounts such as Facebook or Twitter, etc.). The legal basis for processing in this regard is Article 6(1)(a) of the GDPR.

 

Finally, the Company may process your general and sensitive personal data to protect its rights in legal proceedings. All your data is processed using automated and electronic tools that ensure full security and confidentiality.

 

Minors

 

We request that individuals under the age of eighteen (18) do not provide their personal data. If your child has submitted personal data that you would like to be removed, please contact us at the aforementioned address.

​

Necessary Processing

 

Any related form must be completed either at the Company’s offices or on the Company’s website, requiring the provision of your personal data that is strictly necessary for processing your messages and requests. If you do not wish to provide them, we will not be able to process your messages/requests.

​

Browsing Data

​

When visiting the Website (i.e., without sending any message or using any of the available services/functions), the processing of your data is limited to browsing data. This includes data necessary to send to the Website for the operation of the computers running it and for internet communication protocols. This category includes, for example, IP addresses or domain names of computers used to visit the Website and other parameters related to the operating system used to connect to the Website. The Company collects such data (as well as other data, such as the number of visits and the time spent on the Website) only for statistical purposes and in an anonymous format, in order to monitor Website functionality and improve its performance. These data are not collected to be linked with other user-related information or to identify users. However, by nature, this information can allow the Company to identify users through processing and linking with data held by third parties. Browsing data is usually deleted after processing in an anonymous form but may be stored and used by the Company to detect and identify perpetrators of any computer crimes committed against or through the Website. Subject to this provision and the Cookie Policy, the above browsing data is stored only temporarily, in accordance with the law.

 

Links to Other Websites

 

This Privacy Policy applies exclusively to the Website as stated above. Although the Website may contain links to other websites (third-party websites), please be aware that the Company does not access or use tracking systems such as cookies, web beacons, or other tracking technologies active on third-party websites, the content and material published on them, or the methods used to process your personal data. Therefore, the Company explicitly disclaims any responsibility for such matters. You should verify the privacy policies of such third-party websites and gather information on their terms and conditions and how they process your personal data.

​

How We Store Data and for How Long

 

In accordance with Article 5(1)(c) of the GDPR, the computers and programs used by the Company are designed to minimize the use of personal data and identification details. These data are processed only to the extent necessary to achieve the purposes outlined in this Policy and are stored only as long as absolutely necessary for the specific purposes. The criterion for determining the storage period is based on legal deadlines and principles of data minimization, storage limitation, and efficient record management.

 

How We Ensure the Security and Quality of Your Personal Data

 

The Company is committed to ensuring consumer and user data security, complying with legal security provisions to prevent data loss, unlawful or improper data use, or unauthorized access. The Company uses advanced security technologies and procedures to protect user data. For example, personal data is stored on secure servers in controlled-access facilities. Customers can help the Company update and correct their personal data by notifying any changes in their address, contact details, etc.

 

Access to Data

​

The following categories of individuals are authorized to process customer and user data: technical and administrative staff, IT personnel, and all employees and associates of the Company who must process the data to perform their duties and provide the required services.

Every service transaction requires the collection of personal details for service initiation, completion, and billing. Additionally, the use of debit/credit cards requires identification documents to verify the legal owner. Any document or certification confirming and declaring the identity of the customer and user remains strictly confidential and is reviewed only by the responsible officer. By providing personal data, the customer and user consent to its use by the above-mentioned individuals for the stated purposes.

Under specific conditions, data collection, use, and disclosure may be permitted or required by law or court order without prior consent (e.g., in cases of court rulings). Data may also be shared with third countries:

Institutional bodies, authorities, and public agencies for institutional purposes.

Professionals, independent consultants (whether working individually or collectively), and third parties providing the Company with commercial, professional, or technical services necessary for operating its physical store or website (e.g., IT services) to support the Company in delivering requested products and services.

Third parties in cases of mergers, acquisitions, business transfers, audits, or other extraordinary transactions.

The recipients receive only the necessary data for their respective functions and process them solely for the purposes mentioned above and in accordance with data protection laws. Data may also be shared with other legally designated recipients under applicable laws. Beyond these cases, data will not be shared with third parties who do not perform commercial, professional, or technical functions for the Data Controller and will not be disseminated.

Regarding data transfers outside the EU, even to countries where privacy laws do not guarantee the same level of protection as EU law, the Data Controller ensures that the transfer is conducted under GDPR-compliant methods, such as user consent, standard contractual clauses approved by the European Commission, participation in international data transfer programs (e.g., EU-U.S. Privacy Shield), or transfers to countries deemed safe by the European Commission.

​

Your Rights

​

You may exercise your rights under the GDPR at any time, as detailed in Articles 15-22, including the right to confirm the existence of personal data concerning you, review its content, origin, accuracy, and location, request a copy, request corrections, and in cases permitted by law, request processing restrictions, deletion, or object to direct marketing activities (including specific communication methods). Likewise, you may withdraw consent in writing, raise concerns regarding the processing of your personal data that you deem incorrect or unjustified, or file a complaint with the Data Protection Authority. You may contact the Data Controller at the above-mentioned address to submit any request regarding the processing of personal data by the Company and to exercise all legal rights.