Privacy Policy



The protection of your personal data is important to us. This privacy statement explains what kind of personal data we collect from you through our websites you visit and how we use that data legally.

Who we are and how you will contact us

The website belongs to the company PANAGIOTIS PETROCHEILOS ROYAL LIMITED PARTNERSHIP. located in Royal Mare Hotel, Anissaras, Limenas Hersonissou, Heraklion which is also the Processor for the Personal Data we process. Responsible in our company for personal data protection issues is Panagiotis Petrocheilos, phone +30 28970 21773 e-mail:

You can contact us for any questions or other questions regarding the collection and use of Personal Data or this privacy statement and for the exercise of your rights by law for the protection of personal data in the above e-mail.


What is Personal Data and its processing?

1)   Personal data (or personal data) is any information relating to an identified or identifiable natural person (called a “data subject”); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular through reference to an identity item, such as name, ID number, location data, online ID, or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural, or social identity of that individual;

2 ) Processing of personal data is any operation or series of operations performed with or without the use of automated means, in personal data or in personal data sets, such as collection, registration, organization, structure, storage, customization or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction;


Generally about the Personal data that we collect when you visit our website and the purposes of their collection and processing.

Like all online businesses, we collect data to make our website work efficiently and to provide you with the best possible experience and information you are looking for while browsing. Some of this data is provided directly by you, such as when you create a personal account for use of our website by filling out a relevant form or contacting us for support or information. With your consent we obtain certain data recording how you interact with our website, for example, using technologies such as cookies and the data we collect may include the IP address or browser information you use while browsing our website and the links selected. For the collection of data through cookies we ask for your explicit consent when you enter our website according to the cookies policy that you can see below.


Personal data we collect when you contact us and the purposes of collecting and processing them.

When you contact us via email or phone e.g. to request information about products, your order, prices, offers or descriptions for products or other material we may collect from you your full name, address, shipping address of your order, your VAT number and email address your phone number or other contact details as well as the contents of the e-mail you sent us in order to execute the transaction with you or because this is necessary for the communication with you and for the necessary actions to be taken before the conclusion of the contract.

You can unsubscribe from the list of our company emails by following the relevant deletion instructions included in each email.


Personal data that we collect when you make transactions through our online store ( e shop ) and the purposes of their collection and processing.

In addition to the above data, if you use the e-shop of our company, we collect from you and process the necessary data in order to execute the transaction with you which you provide us by completing the relevant registration form.

This data can be the following:

Your full name, your address, the shipping address of your order, your VAT number, your email address, your phone number or other contact information. Also, credentials including our e-shop password, security questions or other security information.

When you use your credit card to pay for your orders through our online store, your credit card number and details are not collected by us but are collected directly by the special application of the organization that issued your credit card. Specifically, we have proceeded with the adoption of the Piraeus Paycenter service in order to securely make card charges in the electronic payment system of Piraeus Bank. 

Informing you about your Rights.

The law provides for data subjects to have the right to request the controller to access and correct or delete personal data or to restrict the processing of the data subject or the right to object to the processing, as well as the right to data portability. , as well as revocation of any consent you have given with future validity.

For relevant issues you can contact the “Personal Data Protection Authority: Kifissias 1-3, 115 23 Athens, Greece”


Details about the rights of the data subject:


Right of access of the data subject

1. The data subject shall have the right to receive confirmation from the controller as to whether or not the personal data concerning him or her are being processed and, if so, the right of access to the personal data and the following information:


the purposes of the processing,


the relevant categories of personal data,


the recipients or categories of recipients to whom personal data have been disclosed or will be disclosed, in particular recipients in third countries or international organizations,


if possible, the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period,


the existence of a right of request to the controller for the correction or deletion of personal data or a restriction on the processing of personal data concerning the data subject or a right of objection to such processing;


the right to lodge a complaint with a supervisory authority,


when personal data are not collected by the data subject, any available information on their origin,


the existence of automated decision-making, including profiling, as provided for in Article 22 (1) and (4) of the GBER and, at least in such cases, important information on the rationale to be followed and for the data subject.

2. When personal data are transmitted to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate guarantees in accordance with Article 46 concerning the transmission.

3. The controller shall provide a copy of the personal data being processed. For additional copies that may be requested by the data subject, the controller may charge a reasonable fee for administrative costs. If the data subject submits the request electronically and unless the data subject requests otherwise, the information shall be provided in the electronic form normally used.

4. The right to receive a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.


Right of correction

The data subject has the right to demand from the controller without undue delay the correction of inaccurate personal data concerning him. For the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including through a supplementary declaration.


Right to delete

1. The data subject has the right to request from the controller the deletion of personal data concerning him without undue delay and the controller is obliged to delete personal data without undue delay, if one of the following reasons applies:


personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,


the data subject revokes the consent on which the processing is based


the data subject opposes the processing and there are no compelling and legitimate reasons for processing


personal data has been processed illegally,


personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;


personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the GIP.

The right to delete data does not apply to the extent that processing is necessary:


for the exercise of the right to freedom of expression and the right to information,


to comply with a legal obligation which requires processing under Union law or the law of the Member State to which the controller is subject, or for the performance of a duty performed in the public interest or in the exercise of official authority conferred on the controller,


for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GBER,


for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes.


for the establishment, exercise or support of legal claims.

Right to restrict processing

1. The data subject shall have the right to ensure that the controller restricts the processing when one of the following applies:


the accuracy of the personal data is disputed by the data subject, for a period of time which allows the controller to verify the accuracy of the personal data,



the processing is illegal and the data subject opposes the deletion of personal data and seeks, instead, to restrict their use;


the controller no longer needs the personal data for the purposes of the processing, but this data is required by the data subject to establish, exercise or support legal claims,


the data subject has objections to the processing in accordance with Article 21 (1) of the GIP, pending verification as to whether the controller’s legitimate reasoning overrides the data subject ‘s reasoning.

Right to data portability

1. The data subject has the right to receive the personal data concerning him / her, which he / she has provided to a controller, in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another controller without objection from the controller to whom the personal data were provided, when:


processing shall be based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) of the GBER; and


the processing is performed by automated means.


Right of objection

1. The data subject has the right to oppose, at any time and for reasons related to his particular situation, the processing of personal data concerning him in an automated manner.

2. If personal data are processed for the purpose of direct marketing, the data subject is entitled to object at any time to the processing of personal data relating to that marketing, including the creation of a profile, if related to it. direct marketing.

3. Where data subjects object to processing for the purpose of direct marketing, personal data shall no longer be processed for that purpose.


Data transmission to third countries

Our company does not transmit your data to third countries.


Transmission of data to third parties.

Our company does not transmit your data to third parties unless this is required by law or mentioned in the following exceptions.

Some of these laws require us to send reports to regulators or other authorities. Your Personal Data for this purpose may be forwarded by us to the authorities if required by law, in particular if you report any adverse reactions to a medicinal product that you have purchased.

Exceptions: Part of your data may be transferred to partner companies that perform some work for our company, such as accounting company, marketing company, etc. and for this purpose it is necessary to process the data on our behalf. In this case we have taken all the necessary legal measures by signing special terms with these processors for the protection and security of your data.

We may also transfer this data to cooperating companies, for the purpose of sending you promotional material and personalized offers or for the evaluation of the quality of services and the evaluation of products. If you are a registered user and do not wish the transfer of your personal data in order to send you promotional material and personalized offers, you can terminate your communication by clicking on the link “Unsubscribe” that exists in each email with advertising material (Newsletter).


How long do we store Personal Data?

Your Personal Data will be retained for as long as is required for the specific business purpose or for the purposes for which it was collected.

If no transaction has been made with us and there is no particular reason, your Personal Data will be deleted 1 year after your last contact with us.

If you have made a transaction with us your data will be deleted no later than 20 years from the last transaction with us.


How do we secure Personal Data?

Our business taking into account the latest developments, implementation costs and nature, scope, scope and purposes of processing, as well as the risks of different probability of occurrence and seriousness of the rights and freedoms of individuals from processing, effectively implements, both at the time of determining the means of processing and at the time of processing, appropriate technical and organizational measures, in order to meet the requirements of the law and to protect the rights of data subjects in accordance with its security policy of our company.

Specific security measures we take for your data that we process through our website are the following:

The access to the personal account created on our website is done through special passwords / login codes that you create. The codes used for the identification of the user / client are two: the Password and the Personal Security Password, which each time he enters them provide him with absolute security access to his personal data.

It is forbidden to reveal your password to anyone.

The password that you will create must consist of 5 elements and must include letters of which at least 1 lower case and 1 capital and numbers.

You should avoid creating a password that is easy to find such as your name, date of birth, etc.

You do not have to keep your password written in paper or electronic form.

In case of loss or leakage of the password you must notify us immediately at the email address provided at the beginning of this policy.


Ensuring the Privacy of the Transfer of Your Personal Data:

  1. To ensure the confidentiality of data transfer,  uses the 128-bit SSL encryption protocol. In addition, it has a digital protection certificate of the Geotrust group, recognized as a leader in the field of transaction security. 
  2. 3D Secure: Our company has adopted the 3D-Secure protocol in order to offer users increased protection against unauthorized use of their card during the transaction process. Cartoon consumers of banks that support the 3D-Secure protocol have the opportunity to integrate their Visa or MasterCard cards in the Verified by Visa or SecureCode programs respectively. Integration means that cardholders choose a security code for each of their cards that only they will know. Thus, every time the registered user makes an online transaction using his card, he will be asked for the security code. In the case of customers whose cards either do not support MasterCard Verified by Visa and SecureCode services,


From the cart to the end of the purchase process in the online store, all information and personal data of the user / customer are encrypted based on the 128-bit SSL encryption protocol. Encryption is essentially a way of encrypting information until it reaches its intended recipient, who will be able to decrypt it using the appropriate key. During the ordering process in the online store of the company, all communication between the user’s computer and its systems is encrypted using an encryption key. That is, every time it sends information to the system, the browser first encrypts it using an encryption key and then sends it to the system. The business system first decrypts the information it receives using the same key (predefined when the user logs in to the service) and then processes it. Business systems send information following the same encryption process.


What happens when we change this protection statement?

We may update this statement from time to time for any reason. We will notify you of changes to it by posting the new statement here or, if the changes to the statement are substantial in relation to the information we collect from you, by posting a notice on our website or if necessary by sending an email to the address you you have stated before applying these changes. If required, we will ask for your consent.



Cookies information.

This website uses a technology called “cookies”.  


What are Cookies?

A cookie is a small text file that is placed on your hard drive by a server. Cookies do not pose a risk to the computer of the user / visitor of our website.


Cookies are divided into the following categories:

Absolutely necessary

These cookies are necessary for you to be able to browse the website of our company and use its features, e.g. access areas of the site or store products in a shopping cart.

Useful for site performance

These cookies collect information about how visitors use a website, e.g. which pages do visitors visit most often? They are used to improve the way a website works in future releases.

Useful for the functionality of the site

These cookies allow the website to remember the choices you have made, e.g. the username, language or region you are in and provide a better personal experience.   

Useful for displaying content relevant to your interests.

These cookies are used to offer content that is more relevant to you and your interests.


Consent to the use of cookies by the website.

You have the ability to accept or reject cookies (other than those that are technically necessary for the operation of the website) by following the instructions that appear when you enter this website. If you choose not to accept cookies, you may not enjoy all of the interactive features of this website and other websites you visit. 

Specifically, when you log in to this website, ask if you like cookies or not by receiving a pop-up on your screen with the following content:

“We use cookies to personalize content and ads, provide social media features and analyze our traffic. In addition, we share information about how you use our site with social media, advertising and analytics partners, who may combine it with other information you have provided or collected in connection with your use of the Services. their. If you continue to use our website, you consent to the use of our cookies.

By clicking on the “I agree” button you accept the use of all cookies on the website. You can enter your options in more detail through the “View details” button. At any time you have the opportunity to change your options through the “Cookies Preferences” link at the bottom of the website. “

You can learn more about how cookies are managed by going to the Help section of your webbrowser.