Personal Data Protection GDPR
(GDPR)
Last updated: 17 February 2026
1. Who we are (Data Controller)
Emmanuela Alevizopoulou – Emmanuela handcrafted for you, Gymnasiou 15, 57007 Chalkidona, Greece, VAT EL053866282, is the Data Controller for emmanuela.gr.
Contact: questions@emmanuela.gr – T: +30 23910 21132
If you believe we have not fulfilled your request, you can contact the Hellenic Data Protection Authority (HDPA): dpa.gr.
2. What data we collect
- Identification & contact details (e.g. name, email, phone, addresses).
- Order, delivery & payment details (we do not store card details).
- Marketing preferences (only with consent).
- Online identifiers (cookies/similar technologies).
3. Purposes & legal bases
- Contract execution: order management, payments, returns/warranties.
- Legal obligation: tax/accounting compliance.
- Legitimate interest: system security, fraud prevention, basic usage analysis.
- Consent: newsletter, analytics/marketing cookies, personalization/recommendations.
We do not make automated decisions with legal or similarly significant effects for you.
4. Cookies & Usage Policy
4.1 What are cookies
Cookies are small text files stored on your device when you visit our website. They help us operate properly, improve your experience, and understand how you use the site.
4.2 Categories of cookies we use
| Category | Purpose | Duration |
|---|---|---|
| Strictly necessary | Cart functionality, login, security. No consent required. | Session or up to 12 months |
| Analytics / Statistics | Understanding traffic, improving the website (e.g. Google Analytics). | Up to 26 months |
| Marketing / Advertising | Display relevant ads (e.g. Meta Pixel, Pinterest Tag). | Up to 12 months |
| Preferences | Save preferences (e.g. language, currency). | Up to 12 months |
4.3 Your choices
Analytics/marketing cookies are activated only with your explicit consent. You can manage your preferences at any time:
- Through the consent banner on first visit
- From the "Cookie Settings" link in the footer
- Through your browser settings
Note: Disabling certain cookies may affect website functionality.
Google Consent Mode v2: We use the Google Consent Mode v2 (Advanced Mode) technology to manage your consent regarding Google Analytics and Google Ads services. This means that:
- If you decline consent, Google services receive only anonymous, cookieless pings that do not identify the visitor. These are used exclusively for statistical modeling (behavioral modeling) and not for personal targeting.
- If you accept consent, full analytics and marketing tracking is activated according to the cookie categories described above.
- This setting is applied automatically for visitors from the European Economic Area (EEA), the United Kingdom, and Switzerland (32 countries/regions). For other countries, recording is enabled by default, according to local legislation.
4.4 Third-party cookies
Some cookies are placed by third-party providers (Shopify, Google, Meta, Pinterest, etc.). For their privacy policies, please refer to the respective websites.
5. Who we share data with (indicative)
Processors & third parties contractually bound (DPA):
- E-shop platform: Shopify (hosting/support).
- Payments: Shopify Payments / PayPal, etc.
- Shipping: DHL, ELTA, etc.
- Email/CRM/Analytics/Ads: e.g. Klaviyo, Google Analytics, Google Ads, Meta, Pinterest.
- Marketplaces / Price comparison: Skroutz, BestPrice, GLAMI (receive product data via XML feed; GLAMI also uses tracking pixels on the website).
Shopify acts as a processor and/or controller for certain customer data, based on the applicable Data Processing Addendum (DPA).
6. International transfers
Transfers outside the EU/EEA may occur. We use Standard Contractual Clauses (SCCs) and, where applicable, rely on the EU-US Data Privacy Framework, which was validated by the EU General Court on 09/03/2025 (an appeal may be pending).
7. Retention periods
| Category | Retention period |
|---|---|
| Orders & tax data | At least 5 years (up to 20 years in cases of tax evasion) |
| Support communication | Up to 24 months from case closure |
| Marketing | Until consent withdrawal or 24 months of inactivity |
| Security/event logs | Up to 12 months |
8. Your rights
Access, correction, deletion, restriction, objection, portability, and withdrawal of consent. We respond within 1 month of receiving the request (with the possibility of extension up to 2 months in complex cases).
9. Request Submission (GDPR/DSAR)
Send us an email at questions@emmanuela.gr with the subject GDPR Request. We may ask for additional information to verify your identity. For complaints, the competent authority is the Hellenic Data Protection Authority (HDPA) (dpa.gr).
10. reCAPTCHA
We use Google reCAPTCHA to protect against malicious form use. Its use is governed by Google's Privacy Policy and Terms of Service.
11. Security – SSL
EMMANUELA recognizes the importance of the security of your personal data and your electronic transactions. We take all necessary measures with the most modern and advanced methods to ensure your maximum possible security.
All information related to your personal data and transactions is secure and confidential. To ensure the secure and confidential transfer of data, we use 256-bit key SSL encryption protocol.
12. Changes
We may update this policy; we will always post the date of the last update.