With us your personal data will be safe.
We, at 12myths, fully understand how important personal data is to you. That is why we are committed to processing them legally and with complete transparency.
1. What is my personal data?
By the term personal data we mean any information that concerns you and through which we can identify you. This identification can be carried out, either through a specific piece of information or through a possible combination of information available to us. The way we process them is strictly regulated by the new General Data Protection Regulation (GDPR). Find the relevant legislation here!
What is personal data processing?
The processing of personal data is any kind of act or series of acts performed on your personal data or groups of personal data, such as for example collection, registration, organization, deletion, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
2. Who are we?
We, the company 12myths, based in Piraeus (Ypsilantou 128, Postal Code 18532), Greece, are the ones who will process your personal data. This means that we determine the purposes and the way of processing your personal data that you have provided us. In addition, 12myths processes data as a processor or as a sub-processor, in the context of collaborations with affiliated or third-party partner companies.
12myths has appointed a Data Privacy Officer in accordance with applicable law. In case you want more information regarding the processing of your personal data, you can contact us by phone, calling +302104297267 or send an e-mail to the email address info@twelvemyths.com.
3. How will we process your personal data?
12myths consistently follows the provisions of applicable legislation, keeping your personal data as accurate and up-to-date as possible. And that’s because:
We retain the absolutely necessary personal data, depending on the purpose of the processing,
We process the data in a way that guarantees its security and protection against unauthorized or illegal processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures.
4. Why do we process your data and how long do we keep it?
12myths, as an e-commerce company and provider of products and services, processes data resulting from the purchase thereof.
Particularly:
- Data that you provide to us for the issuance of documents for the purchase of products and services (such as name, address, tax identification number, social security number, e-mail address, mobile number, landline number, identity number / passport number, occupation, email, date of birth, credit no. card) and are maintained in accordance with applicable tax legislation.
- The email address you provide to us in case you wish us to send you the product features you have expressed interest in. This address is not retained after the message is sent.
- Data you provide us for your participation in satisfaction survey questionnaires, as indicatively follows (email, mobile number, name, order code, etc.). In case you use the website www. 12myths, please find out about the processing of your personal data here.
Do we collect your data for other purposes?
Also, you should know that 12myths may process your personal data for other purposes as well, after first requesting your consent. More specifically, it may, after your consent, process your personal data in combination, which it will draw from various sources, in order to create your individual profile based on your personal preferences.
Profiling is any form of automated processing of your personal data through which we are likely to evaluate some of your preferences or interests in order to recommend products and/or services that may be of interest to you in the context of the above. And we will use them to send you advertising messages.
Your contact information may be used by 12myths for the purpose of advertising/promoting its products and services and/or those of its affiliated or third-party collaborating companies, in accordance with the provisions of the current legislation (Law 3471/2006) . Thus, 12myths can send you promotional messages (e.g. SMS, e-mail) to the contact information you have provided to us in an earlier transaction.
Also, you should be aware that 12myths is likely to carry out telephone campaigns for the direct marketing of its products and services and/or those of its affiliated or third-party partner companies, in accordance with applicable law. Our cooperation with third parties in Greece, Europe and other countries will not affect the security of your personal data.
As long as we process your personal data in collaboration with a partner/third company, 12myths remains responsible for the security of your personal data. Our partners are always selected based on the high technological and organizational level of security they offer. Before cooperating with any company and in the event that our cooperation requires the processing of your personal data, 12myths binds this company contractually, in order to ensure the high level of protection of your personal data.
We process your data mainly within Greece and the European Union (EU). Insofar as we work with companies outside the EU, they will process your data only on our instructions and if there is an adequacy decision from the European Commission or if appropriate clauses are agreed that ensure a high level of security in relation to the processing of your personal data.
12myths cooperates with companies active in the fields of advertising and marketing, IT, consulting services, customer service and call centre services, and human resource management (HR) services.
Exercising your rights helps to secure your personal data.
In accordance with the law, you can request from 12myths the following regarding your personal data:
- Access and correction of your personal data in case of processing inaccurate data concerning you
- Deletion of your personal data in case it is no longer necessary for the purpose for which it was collected
- Restriction of the processing of your data
- Portability of your data to another controller
To exercise your above rights, you can send an e-mail to info@twelvemyths.com or a letter to the address Customer Service 12myths, Ypsilantou 128, PO 18532, Piraeus, Greece with the subject “Exercise of personal data rights” accompanied by a copy of your ID and stating your full name.
For cases of exercising your rights for services and/or products for which 12myths is not responsible for processing, you should contact the relevant company.
Furthermore, you reserve the right to submit a written complaint to the competent supervisory authority, the Personal Data Protection Authority (Kifisias Ave 1-3 PO Box 115 23, Athens, Greece +302106475600, contact email contact@dpa.gr). For information about the protection of your personal data, you can contact us by phone at +302104297267.
We take all appropriate measures to protect your personal data. At 12myths we foresee in our corporate processes the appropriate technical and organizational measures and apply them to the IT systems and platforms used to collect process or use data.
These are indicative:
- Measures to prevent unauthorized persons from accessing data processing systems (access control).
- Measures that ensure that data processing systems cannot be used by unauthorized persons (access denial control).
- Measures that ensure that the persons authorized to use the data processing systems have access only to the data for which they are authorized and that the personal data cannot, during the processing, or use, or after the recording them, to be transmitted, copied, modified or deleted by unauthorized persons (data access control).
- Measures that ensure that during electronic transmission or during transfer or recording, personal data cannot be transmitted, copied, changed or removed by unauthorized persons, and that it is possible to control and ascertain the executors the processing, to whom personal data has been transmitted via data transmission equipment (data transmission control).
- Measures that ensure that it is possible to retrospectively examine and ascertain whether and by whom personal data have been entered, modified or deleted in data processing systems (data input control).
- Measures to ensure that personal data processed by third parties/contractors are only processed in accordance with our instructions (contractor control).
- Measures ensuring that data collected for different purposes can be processed separately (separation rule).