Privacy & Security

Overview

Respect for your privacy and the management, protection and security of your personal data is a priority for RIST Hellas (the “Company”, “we”, “us”). The Company has adopted this Data Protection Policy for the purpose of informing you, who visit or purchase from www.rist.gr (“online store” or “website”), or become a member, or subscribe to receive our newsletter, or under any other capacity make use of the services of RIST Hellas, or participate in the Company’s promotional or other activities, or make use of the social media accounts of RIST Hellas, or otherwise ( “you”, “your”), about the types of data that the Company collects or generates about you, the purpose of the collection and processing of your data, the data processing method, the data recipients and the purposes of their processing, your rights and options regarding your personal data, and the method for contacting us for any issue that concerns you regarding your personal data.

This Data Protection Policy Includes:

- Information about the Controller of your personal data.
- The type of data that we collect about your and the collection methods.
- The purposes for the collection and processing of your personal data and the legal basis for processing.
- The security measures we implement for the protection of your personal data.
- The duration of retention of your personal data.
- Your rights and how to exercise them, as well as your options regarding the collection and processing of your data.
- The protection and storage of your personal data.

 

Data Controller

The Controller of your personal data is the company with the trade name RIST HELLAS PRIVATE COMPANY, with head office in Thessaloniki, 27 Georgikis Scholis Avenue, P.C. 57001.

 

Data Collected

“Personal Data” is any information that may be used to identify a natural person. When you browse the RIST Hellas online store or social media accounts, place an order, open an account, subscribe to receive our newsletters, participate in RIST Hellas promotional activities such as contests, interact on social media (e.g. comments, likes, etc.) or otherwise, we collect various types of personal data about you, or directly from you, or from third parties, or that we collect or generate by our own means (including by automated means).

In particular:

If you visit our website, our official social media accounts, or you create an online account:

Initially, in order for us to service any requests or questions by you regarding RIST Hellas, you will be asked to fill in a contact form on our website and to provide your name and email address.When you contact us through the Company’s social media accounts (Facebook, Instagram, etc.) or through our customer service department, you provide us with personal data such as identity, contact or transaction information, which we use as the case may be exclusively to service your request.

Furthermore, when you browse our website you may be asked to provide personal data in order to take advantage of certain services/benefits. For instance, when you provide consent for promotional communications (newsletter) and news regarding our products or services, you will be asked for your email address, your gender, and the brands you are interested in.

Additionally, when you create a personal account through our website, it is necessary to input your full name, your email address and a password. Through your personal account you will be able to create a wish list of your favorite products.

When you enter contests carried out from time to time by the Company, you provide us with the personal data specified in each case.

- If you are a supplier, please click here
- If you are a prospective employee, please click here
- If you are a customer or a prospective customer,
when you place an online order, you must provide us with your full name, the delivery address for the products, your email address, a contact phone number, and payment information (credit/debit card, etc.). Furthermore, to complete your purchase we require your Police ID Card no., your passport number, your TIN and PFD. When you make a purchase, we also record the brand, model number, and serial number of the watch you purchase, the date of purchase, and the method of payment.

 

RIST Hellas collects the above data as provided by you in the context of concluding a contract of sale for the Company’s products and when you use the Company’s online store to make your purchases.

In particular, in regard to payments security: the online store of RIST Hellas accepts credit/debit cards by Mastercard, American Express, Diners, Visa & Maestro, issued by any bank, through the SSL (Security Certificate & SSL Technology) protocol, which is confirmed through the VISA and MASTERCARD 3D Secure Network.

All payments made using a credit/debit card are processed through the Alpha e-Commerce platform by Alpha Bank, which uses TLS 1.1 encryption with 128-bit encryption protocol (Secure Sockets Layer – SSL). Encryption is a method of encoding information until it reaches its intended recipient, who is able to decode it using the appropriate decryption key.

 

The RIST Hellas online store does not collect or in any way process your credit card data, and that is why you must re-enter it every time you use your credit card to complete a transaction through the website. 

For more information on our policy, see the sections Transaction Security and Payment Methods.

If you become a customer of the Company, RIST Hellas informs you that it wishes to process its customers’ data, provided to the Company when making a purchase or other transaction, for the purpose of direct commercial communication about similar products or purposes. In particular, we will process your email address and your mobile phone number in order to send email or text messages, or through Viber or other multimedia applications, regarding new arrivals, fashion news, special offers and other promotional activities, provided that you do not object to receiving such commercial communications.

In such instances, where in the framework of a purchase we have collected your email address and/or your mobile phone number, in the context of our legitimate interest to advertise and promote our products we can, with the use of the above data, proceed to optimize your browsing experience and to show you ads related to your preferences on social media websites.

If you are a customer of the Company and you have accepted cookies that record what you have browsed in our online store or products left in your shopping cart, we may send you an email message to remind you of what you were browsing or what you left in your cart.

In these instances, you may opt out of such communications by clicking on the unsubscribe link in the email message or in any case by contacting us.

 

Customer Loyalty Program

RIST Hellas offers its customers the option to participate in the “Authenticity Program”, a loyalty scheme. To participate in the program, we collect through the relevant form your full  name, date of birth, postal address, email address, mobile phone number, the make, model and serial number of the watch you purchased, the date of purchase, and the physical or online store where you made the purchase.

 

Automated Data Collection

Furthermore, during your interaction with us, certain data are collected automatically from your device or your browser (cookies). The following data and information about you are collected automatically. With the use of cookies and other similar technologies, we collect and/or generate data regarding your preferences, such as the products you view, the duration and frequency with which you view certain products, the types of newsletters that you open or not, their content and your interaction with us following receipt of each newsletter, the search terms you input or the links that you click on in our online store, the products you place in your shopping cart and do not ultimately purchase, your country of origin, language preference, etc.

From your Account we create a history of your orders and purchases, and from these we deduce your preferences, the frequency of your purchases by product category, the value of the products you purchase or that interest you, the period when you purchase, your area of residence, etc.

Data about the devices through which you access our website, such as your IP address, login credentials, type and version of your browser, the operating system and platform and other technologies on the devices you use to access our website, etc. Data about the website through which you access our online store and the website to which you go when you leave.

For more information on how we use cookies and your options, please click here.

 

Information Regarding Minors

Our website and services are not intended for use by minors under the age of 16. RIST Hellas does not collect data on minors under the age of 16 without the permission of a parent or guardian. In any case, RIST Hellas deletes any and all personal data of minors under the age of 13. If you are the parent or guardian of a minor under the age of 13 and you are concerned that your child/ward may have provided us with personal data, please contact us at [email protected].

 

How We Use Your Personal Data

We use your personal data for the following purposes:

- To contact you for issues regarding the sale of our products to you.
- To receive your orders, fulfil them, and ship the products to you.
- To manage and process your payments, including the security of your financial transactions and invoicing.
- To handle any complaints by you.
- To serve you as a member by opening your account with us.
- To establish, store and maintain our customer data base and to analyze it.
- To send you commercial communications via newsletters, text messages, or other multimedia applications (e.g. Viber) with news about our Company, products, special offers and promotional activities.
- To analyze your behavior and understand your preferences.
- To understand and analyze the results of our advertising and promotional activities.
- To fulfil your requests, such as withdrawal, replacement product, etc.
- To satisfy your rights regarding your personal data.
- To ensure the security of transactions.
- For business analysis and optimization, and to market and optimize our products, to optimize your experience and the services we provide through our online store, to manage our loyalty programs, and to adapt your experience in our online store.
- To conduct market research and statistical analysis, to develop marketing strategies and manage marketing campaigns so that we or our associates can inform you about possible opportunities to participate in marketing or promotional initiatives for our products.
- To identify, prevent and handle instances of fraud or other unlawful activities.
- To protect the rights and assets of the Company or third parties.

Other purposes: We may also use your data in other ways. In that case, we will provide special notifications to inform you when we collect the data, and we will obtain your consent before processing wherever it is required.

To attain these objectives, we will proceed to the collection and general processing only of the data that is compatible with the purposes of processing.

 

Recipients of Your Personal Data

The personal data that we collect may be transmitted to third parties. In particular:

- To any competent supervisory, state or judicial authority, if this is required by the current legal framework or by a court order.
- To other third-party associates that carry out processing on our behalf and that are bound, as are we, for a corresponding level of protection of your data, such as law firms, financial consultants – accountants, advertising agencies, providers of IT products and/or services,  and/or supports of any kind of information and electronic systems and networks, courier companies, etc.

 

We do not transfer your personal data to any third parties outside the European Union to countries where there is no adequate data protection framework. However, in the event that we are required to make such a data transfer, we will implement every opportune measure to ensure that your data will be processed securely.

 

Legal Basis for the Processing of Your Personal Data

RIST Hellas relies on the following as the legal basis for the processing of your personal data:

- Contract execution: When the processing of your personal data is necessary to fulfil our obligations under the contract.
- Legal obligation: When we are required to process your personal data in order to comply with a legal obligation, such as keeping files for tax purposes, or providing information to a state entity or a law enforcement authority.
- Legal interest: We may process your data when we have a legal interest in the performance of a legitimate activity to ensure the continuation of said activity, provided it does not exceed your interests, or to provide information to a state entity or law enforcement authority.
- Your consent: We may occasionally ask for your specific consent in order to process your personal data. The processing of these data will only occur in this manner if you provide consent. You may withdraw your consent at any time, without retroactive effect, by contacting RIST Hellas at [email protected]

 

Your Rights

Your rights, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), are the following:

- Right to access your personal data that are processed by us.
- Right to rectification of incomplete or inaccurate data retained by RIST Hellas.
- Right to erasure of your personal data.
- Right to restrict the processing of your personal data.
- Right to portability of your personal data to you or to third parties. You can receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data, subject to legal conditions, to another controller, provided that this does not adversely affect the rights and freedoms of others (only where processing is carried out by automated means for data that was provided to us with your consent or in execution of a contract).
- Right to object to the processing of your personal data at any time. RIST Hellas is entitled to not satisfy this right, if it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- Right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr), if you believe that your rights are being violated in any way (right to lodge a complaint with a supervisory authority). Postal address: 1-3 Kifisias Avenue, P.C. 11523 Athens, call center: +302106475600, email address: [email protected]

For any additional information, as well as to exercise your rights as above, please contact us in writing by post to 27 Georgikis Scholis Avenue, 57001 Thessaloniki, or by email at [email protected]. As a rule, your request will be satisfied within one month from receipt.  Information, all announcements, and any action undertaken pursuant to articles 15 through 22 and 34 GDPR are provided free of charge.

 

Personal Data Security and Retention

We retain your personal data only for as long as is required for the purposes of data processing, i.e. for the duration of our contract, your consent, our legal obligations (such as retention for tax purposes) and our legal interest, as the case may be.

The processing of personal data is carried out in such a way as to ensure its confidentiality. RIST Hellas implements suitable technical and organizational measures to ensure an appropriate level of data security against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all inappropriate forms of processing.

The data you provide us are protected with appropriate information security techniques to ensure both safe data transfer through the internet and secure data storage in IT Systems.  To ensure safe browsing on our online store and to secure your transactions, the Company adopts every appropriate measure, implementing the latest, high-quality security specifications in keeping with market trends, such as, for example, the high levels of SSL (Secure Sockets Layer) encryption technology by Thawte that operate during input of sensitive personal data and provide 256-bit encryption for communications.

We require from all third parties who may receive your personal data to implement appropriate measures of technical and operational security for the protection of your personal data, pursuant to Greek and EU legislation on data protection.

 

Special Categories of Data

We ask that you do not disclose to us your banking data or your sensitive personal data via email. Processing sensitive personal data does not in any event serve the purposes of processing, as these are specified above.

 

Hyperlinks

Our website contains links to other websites. This statement on personal data protection does not apply to users accessing other websites.

Please review the privacy policies of such third-party websites for more information on how they handle your personal data.

 

Data Policy Review

This policy was most recently updated on 1 July 2020.

We hereby inform you that this policy may be revised from time to time. If we decide to revise our policy, we will inform you through notifications that will appear on our website.

If we decide to substantially alter our processing of your personal data, you will receive a prior notification or, where required, you will be asked to provide consent before the new policy is implemented.

 

Contact

For any questions or comments regarding this policy or our practices, feel free to contact us at [email protected].