At Ergastini, we want you to know and have control over what data you share with us and what we do with it. This Privacy Policy explains in simple and clear terms what data we collect and how we use it. Its purpose is to help you stay informed and decide what data you want to share with us.
Who we are and Data Controller
Our website address is: https://ergastini.com. The sole proprietorship Zoι Papadaki (hereinafter “Ergastini” or “we”), located at 7 Damaskinou Street, 713 05 Heraklion, Crete, Greece, is legally responsible for processing the personal data of our website visitors and customers.
What personal data we collect and why
Depending on how you use our website, we may collect and process the following personal data:
- Identification & Contact Details: Your name, email address, postal address, and phone number.
- Account Information: If you register, we collect your username, password, and registration date.
- Order Information: Items in your cart, order date, delivery status, shipping/billing address, and IBAN for potential refunds. We do not store your bank card details; these are safely handled by payment providers like Stripe or PayPal.
- Interactions & Media: Reviews, product evaluations, messages, and images you share with us. If you leave comments on the site, we collect the data shown in the comments form, plus your IP address and browser user agent string to help with spam detection. An anonymized string (hash) may be provided to the Gravatar service, and after approval, your profile picture is visible to the public. If you upload images, avoid including embedded location data (EXIF GPS), as visitors can download and extract it.
Why we collect it: We process this data to provide our services, process your orders, answer your inquiries, handle refunds, prevent fraud, and comply with legal and tax obligations.
Cookies
We use cookies to remember the products in your Shopping Cart and provide a personalized experience.
- If you leave a comment, you may opt-in to saving your name and email in cookies for one year for your convenience.
- If you visit our login page, a temporary cookie is set to determine if your browser accepts cookies, which contains no personal data and is discarded when you close your browser.
- When you log in, we set up cookies to save your login information (lasting 2 days, or two weeks if you select “Remember Me”) and screen display choices (lasting for a year). If you log out, these cookies are removed.
- If you edit or publish an article, an additional cookie is saved indicating the post ID, which expires after 1 day.
You can read our cookie policy here.
Consent Tool (Real Cookie Banner)
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found here.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
AWS S3 Services
The Facebook services used in our online store are based on Amazon Web Services (AWS) S3, a secure cloud data storage service. AWS S3 (Simple Storage Service) allows for the secure storage, management, and transfer of data via the Internet, in accordance with applicable security standards and the General Data Protection Regulation (GDPR). For more information, you can refer to the AWS Terms of Service and the AWS Data Processing Addendum (pdf).
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content behaves exactly as if you visited the other website. These websites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with that content.
Who we share your data with
Your data is processed by authorized Ergastini teams. We may share necessary data with:
- Courier companies for delivering your orders.
- Payment providers like Stripe (privacy policy) or PayPal (privacy policy).
- Network and infrastructure providers.
- Authorities, if required by law.
- Note: If you request a password reset, your IP address will be included in the reset email. Visitor comments may also be checked through an automated spam detection service.
How long we retain your data
- Registered users: We store personal information provided in user profiles for as long as the account is active.
- Unregistered users: Data is retained for up to two (2) years after your last visit.
- Transactional data: Retained for up to five (5) years for tax and proof-of-transaction purposes.
- Comments: If you leave a comment, the comment and its metadata are retained indefinitely so we can recognize and approve follow-ups automatically.
What rights you have over your data
If you have an account or have left comments, you can request to receive an exported file of your personal data. You have the right to access, rectify, or request the erasure of your personal data. You also have the right to data portability, to restrict processing, and to withdraw your consent at any time. This does not include any data we are obliged to keep for administrative, legal, or security purposes. To exercise your rights, you can use your profile settings or submit a written request to us, and we will respond within one (1) month.
Our Commitments and Security
We take your privacy seriously. We use appropriate technical and organizational measures, including strong encryption on all our pages, to ensure your data is secure against unauthorized access, alteration, or deletion.
Contact Information and Right to Complain
For any questions or requests regarding your personal data, please contact our Data Protection Officer:
- By Email: dpo@ergastini.com
- By Mail: Ergastini, Attn: Data Protection Officer, 7 Damaskinou St., 713 05 Heraklion, Crete, Greece
If you believe your data protection rights have been violated, you have the right to file a complaint with the Hellenic Data Protection Authority (Kifisias Ave 1-3, 115 23 Athens | Tel: +30 210 6475600).
Last updated: March 23, 2026