Privacy policy

PRIVACY & COOKIES POLICY of Qinetiko

1. Introduction

1.1 At Qinetiko (“Company”, “we”, “us”), we fully respect your privacy and are committed to the secure, lawful, and transparent processing of your personal data. This Policy (hereinafter “Privacy Policy” or “Policy”) describes how we collect, use, store, disclose, and protect your data when you interact with our online store and related services.

1.2 To whom it applies
This Policy covers all individuals (“Users”, “you”) who, indicatively:

  • visit and browse our website,
  • create a customer account,
  • place orders/purchase products,
  • subscribe to the newsletter,
  • participate in promotional campaigns/contests,
  • interact with Qinetiko’s official Social Media accounts,
  • receive a product as a gift from a third party.

All the above activities are collectively referred to as the “Services.”

1.3 What you will learn here
We explain clearly and transparently:

  • what data we collect/generate about you,
  • for which purposes and on what legal basis we process it,
  • how long we retain it,
  • with whom we share it and why,
  • what rights you have and how you can exercise them,
  • what security measures we implement,
  • how you can contact us for any privacy-related issue.

1.4 Legal framework
The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR 2016/679), Law 4624/2019, any specific national/EU legislation, and Law 3471/2006 on electronic communications, as currently in force, as well as the decisions/guidelines of the Hellenic Data Protection Authority (HDPA).

1.5 Acceptance of the Policy
By accessing our website and/or using the Services, you declare that you have read, understood, and accepted this Policy. If you do not agree with any part of it, please refrain from using the Services and from providing us with personal data.

1.6 Data Controller & contact details
The Data Controller of your personal data is Qinetiko.
For any request or inquiry regarding your data (including the exercise of your rights), you may contact us at: info@qinetiko.com

1.7 Updates of the Policy
This Policy may be amended to reflect changes in our Services and/or the legal framework. The most recent version will always be available on our website and will clearly indicate the “Date of last update.”

2. Collection & Categories of Personal Data

2.1 What is personal data
Personal data means any information relating to an identified or identifiable natural person, such as name, contact details, shipping address, and also technical data such as IP address. By contrast, anonymous or aggregated data that cannot lead to identification are not considered personal data.

2.2 Categories of data we collect
Depending on how you interact with Qinetiko, we may collect the following:

  • Identity data: full name, gender (if requested), date of birth.
  • Contact data: email, phone, postal address, billing and shipping details.
  • Account data: username, password, order history, wishlist, communication preferences.
  • Transaction/purchase data: products purchased, payment methods, transaction amounts, shipping/billing addresses, invoices, return requests.
  • Financial data: credit/debit card details, bank account information (IBAN, account holder), only when strictly necessary for completing transactions. Payments are processed in secure environments of banks/payment providers.
  • Customer support data: requests, comments, complaints, and any additional information you share with us.
  • Technical data & cookies: IP address, browser, operating system, language, timezone, navigation data, preference/marketing cookies.
  • Preference & behavior data: products viewed or saved, newsletters opened, browsing and purchase history, and other elements that help us understand your preferences to improve our services.

2.3 Sources of data collection
We collect data:

  • Directly from you: when you create an account, place an order, subscribe to the newsletter, or contact us.
  • Automatically: through cookies and tracking technologies while browsing our site.
  • From third parties: when someone purchases a product for you (gift), when you use social logins (e.g., Google, Meta), or when third parties provide us information to complete a transaction (e.g., banks, couriers).

2.4 Payment details
Qinetiko does not store credit/debit card numbers. These details are handled exclusively by our payment providers through a secure protocol (SSL). Only if you expressly authorize us may such details be retained for future purchases, always based on your consent.

2.5 Minors
Qinetiko’s services are intended exclusively for individuals over 18 years of age. We do not knowingly collect data from persons under 18. If we become aware that a minor has registered without parental/guardian consent, we will immediately delete the data.

3. Purposes of Data Processing & Use

3.1 Order fulfillment & contractual obligations
We process your personal data to:

  • register, manage, and execute your orders,
  • ship products to the address you provide,
  • issue invoices/receipts,
  • process payments and refunds,
  • provide support regarding your purchases.

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

3.2 Customer service & communication
We use your data to respond to requests, inquiries, or complaints you submit (by phone, email, contact form). Legal basis: performance of the contract or our legitimate interest in providing quality service.

3.3 Updates & promotional activities
With your consent, we send you:

  • newsletters on new products, collections, services,
  • personalized offers and suggestions based on your purchase history,
  • invitations to events or contests.

Legal basis: consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time via the “unsubscribe” link or by contacting us.

3.4 Improvement of user experience & site operation
We analyze browsing data (cookies, analytics) to:

  • understand your preferences,
  • improve the speed, functionality, and security of the site,
  • tailor content to be more relevant to you.

Legal basis: our legitimate interest in service optimization and your consent for marketing/analytics cookies.

3.5 Compliance with legal obligations
We may process your data to:

  • comply with tax/accounting requirements,
  • respond to authority or court requests,
  • prevent fraud, abuse, or unlawful transactions.

Legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR).

3.6 Protection of legitimate interests
We use data to:

  • ensure transaction security,
  • prevent abusive practices or breaches of Terms of Use,
  • defend our rights in case of legal claims.

Legal basis: legitimate interest (Article 6(1)(f) GDPR).

3.7 Special cases
If we intend to use your data for a purpose other than those described herein, we will inform you in advance and, where required, obtain your consent.

4. Data Disclosure to Third Parties & International Transfers

4.1 Partners – Processors
Qinetiko may disclose your personal data to trusted partners acting as processors, solely for the purposes described in this Policy. Such partners include:

  • Courier and transport companies for product delivery;
  • Banking institutions and electronic payment providers for completion of transactions;
  • External IT partners for data hosting, website maintenance, and technical support;
  • Marketing companies or newsletter delivery platforms (e.g., Mailchimp) for promotional activities.

In all cases, partners are bound by data processing agreements and implement robust protective measures.

4.2 Independent Controllers
Certain third parties that may receive your data (e.g., banks, authorities, social media platforms) act as independent controllers and bear responsibility for managing such data in accordance with their own privacy policies.

4.3 Disclosure to Authorities
We may disclose your data to competent authorities (judicial, police, tax, supervisory) where required by law or for the defense of our legal rights.

4.4 International Transfers
Where applicable, your personal data may be transferred outside the European Union to third countries. This primarily occurs when we work with service providers headquartered or hosting servers outside the EU (e.g., cloud platforms, email marketing). In such cases, we ensure that:

  • the country is subject to an adequacy decision by the European Commission; or
  • Appropriate Safeguards are implemented (Standard Contractual Clauses – SCCs); or
  • another lawful basis under the GDPR applies.

4.5 Transparency
We do not sell, rent, or otherwise exploit your personal data. Any disclosure is carried out exclusively for the purpose for which the data were collected and in accordance with the principles of necessity and data minimisation.

5. Data Subject Rights

Pursuant to the General Data Protection Regulation (GDPR 2016/679) and applicable Greek law, you have the following rights regarding the processing of your personal data:

5.1 Right of Access
You may request confirmation as to whether we process data concerning you, information on the categories of data, purposes, recipients, retention period, and obtain a copy of your data.

5.2 Right to Rectification
You have the right to request the correction and/or completion of inaccurate or incomplete personal data.

5.3 Right to Erasure (“right to be forgotten”)
You may request the deletion of your data where:

  • they are no longer necessary for the purposes for which they were collected;
  • you have withdrawn your consent (where consent is the legal basis);
  • you object to processing and no overriding legitimate grounds of Qinetiko exist;
  • the processing is unlawful.

5.4 Right to Restrict Processing
You may request restriction of processing where:

  • you contest the accuracy of the data;
  • processing is unlawful and you prefer restriction to deletion;
  • we no longer need the data for our purposes but you need them for legal claims;
  • you have objected to processing and verification of overriding legitimate grounds is pending.

5.5 Right to Object
You may object to processing based on legitimate interest (e.g., site usage analysis) or for direct marketing purposes (direct marketing, newsletters).

5.6 Right to Data Portability
You have the right to receive the personal data you have provided to us in a structured, machine-readable, interoperable format and to transmit them to another controller.

5.7 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time, without retroactive effect.

5.8 Right to Lodge a Complaint
If you believe your rights are infringed, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) (www.dpa.gr).

6. Data Retention Period

6.1 General Principle
Qinetiko retains your personal data only for as long as necessary to achieve the purposes described in this Policy or as required by applicable law.

6.2 Transactions & Orders
Data related to orders and financial transactions (e.g., invoicing details, payments) are retained for at least ten (10) years, as required by tax and commercial legislation.

6.3 User Accounts
Your account details (profile, purchase history) are retained for as long as you remain an active user. If you request deletion of your account, they will be deleted or anonymised, unless retention is required for legal/tax reasons.

6.4 Communications & Support
Data arising from communications with Customer Support are retained for up to five (5) years from the last contact, unless a longer period is required for the establishment, exercise, or defense of legal claims.

6.5 Marketing & Newsletters
Your details for marketing communications are retained until you withdraw consent or request deletion (opt-out). Each newsletter includes an unsubscribe link.

6.6 Cookies & Browsing Data
Cookies are stored for different periods depending on their purpose:

  • session cookies: deleted when you close the browser;
  • functional/preference cookies: up to 12 months;
  • analytics/marketing cookies: up to 24 months, unless deleted earlier via your browser settings.

6.7 Retention Criterion
In all cases, retention is based on the principles of necessity and data minimisation. When data are no longer needed, they are securely deleted or anonymised.

7. Security Measures

7.1 Our Commitment to Security
Qinetiko recognises the importance of protecting your personal data and implements modern technical and organisational security measures to ensure their confidentiality, integrity, and availability.

7.2 Technical Measures

  • SSL/TLS encryption for all transactions and data transfers via the website;
  • Access to data restricted to authorised personnel only;
  • Firewalls and anti-malware systems to prevent unauthorised access;
  • Regular software updates and server security policies;
  • Backups to prevent data loss.

7.3 Organisational Measures

  • Staff training on personal data protection and secure handling;
  • Confidentiality agreements with all partners and service providers;
  • Ongoing monitoring and assessment of security systems to detect potential risks.

7.4 Transaction Confidentiality
All information transmitted by the user to Qinetiko’s e-shop is treated as confidential. Qinetiko undertakes to use such data solely for the provision of its services and only to the extent necessary.

7.5 Security Limits
Despite stringent measures, no method of internet transmission or storage is absolutely secure. Nevertheless, Qinetiko is committed to acting promptly in any breach incident and to notifying the competent authorities and data subjects in accordance with the applicable legal framework.

8. Cookies & Similar Technologies

8.1 What Cookies Are
Cookies are small text files stored in your browser when you browse Qinetiko’s website. They are used to facilitate your access, improve your user experience, and provide us with information on how you use the site.

8.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Ensure the basic functioning of the site (e.g., shopping cart, checkout). Without them, the e-shop cannot operate properly.
  • Functional Cookies: Store your preferences (e.g., language, region) for a more personalised experience.
  • Statistical (Analytics) Cookies: Collect anonymous information on how users navigate the site to improve performance and content.
  • Marketing/Advertising Cookies: Used to display targeted offers and advertisements based on your interests.

8.3 Similar Technologies
In addition to cookies, Qinetiko may use similar technologies (e.g., pixels, beacons, scripts) that operate in a similar manner and serve analytical and advertising purposes.

8.4 Cookie Management
You can configure your browser to:

  • be notified each time a cookie is received;
  • accept or reject all cookies;
  • delete cookies already stored.

Disabling strictly necessary cookies may affect site functionality and limit your ability to place orders.

8.5 Cookie Consent
Upon your first visit to Qinetiko’s website, a relevant banner is displayed through which you can accept or configure your cookie preferences. Continuing to browse is deemed consent to the use of cookies, in line with your selections.

9. Minors’ Data

9.1 Age Limit
Qinetiko does not target individuals under the age of 18 and does not knowingly collect personal data from them. Making purchases from the online store requires full legal capacity in accordance with the law.

9.2 Submission of Data by Minors
If we become aware that we have collected personal data from a minor without parental consent or lawful authorization, we will immediately delete such data.

9.3 Responsibility of Parents/Guardians
Parents or guardians are responsible for supervising the use of the website by minors. If you discover that your child has shared data with us without your consent, please contact us immediately so that we may take the necessary measures.

10. Changes to the Privacy Policy

10.1 Right to Amend
Qinetiko reserves the right to amend and update this Privacy Policy at any time to reflect changes in legislation, new services, or the operational needs of our online store.

10.2 Method of Notification
Any changes will be published on this page with an updated date (“Last Update”). In the event of significant modifications that materially affect your rights, we will inform you via email (if you have registered) or through a prominent notice on the website prior to their entry into force.

10.3 Responsibility to Monitor
We recommend that you regularly visit the Privacy Policy to remain informed about how your personal data are protected and any changes in processing procedures.

10.4 Validity of New Terms
Continued use of the website and our services after such notification constitutes acceptance of the new terms of the Policy.

11. Contact

For any questions, clarifications, or to exercise your rights concerning this Privacy Policy and the processing of your personal data, you may contact Qinetiko using the details below:

Company Name: Qinetiko | PP GROUP LP
Headquarters: Papadopoulou 8, Ioannina 454 44, Greece
Email: info@qinetiko.com
Telephone: +30 2651 313 330