Privacy Statement
Your privacy is extremely important to us, please read this information notice carefully.
We wish to inform you in a complete and transparent manner about the personal data processing that the company listed in paragraph 1 below will carry out on your personal data provided by you and/or collected in the context of the contacts you will possibly have with us, visiting the website www.fanatomics.com (the “Site”) (hereinafter the “Site”) and/or the other websites referring to the brand, interacting with our pages on the social networks.
When we collect your personal data, we differentiate between active and passive users, depending on how you use our Site or services.
You are an active user (“User”) when you:
- Register an account;
- Sign up for a newsletter on our website;
- Participate in prize contest;
- Engage with us on social networks.
You are a passive user (“Passive User”) when you visit our website without registering.
1. WHO COLLECTS YOUR PERSONAL DATA?
The company collecting and processing personal data as autonomous data controller (hereinafter the “Data Controller” or the “Company”) or as joint controllers is Anastasios Takis (“Fanatomics”) with registered office in Greece, Kalamata, Anagnostara 51, 24100, telephone +302152152168, email [email protected].
To facilitate your understanding of the processing activities carried out by the above mentioned subject as Controller, we have prepared this document explaining which processing activities are carried out autonomously by our company.
By using our Site you agree and intend to be legally bound by this Privacy Statement and Terms of Service.
Please consider that said processing activities are not intended for minors and the Data Controller do not knowingly collect or solicit personal data from anyone under the age of 16. If you are less than 16 years old, please refrain from provide any personal data. This does not affect the applicable contract law such as the rules on the validity, formation or effect of a contract in relation to a child.
2. WHAT PERSONAL DATA WE PROCESS
Our Company collects different categories of personal data according to the purpose for which it processes them.
Herein below we specify which categories of Personal Data are collected; in the following paragraph we will explain for what purposes each category of data is processed by the Data Controller. “Personal Data” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, device, or household.
- Identifiers/contact which may include name, date of birth, address, online identifier or username, Internet Protocol address, email address, telephone number, or account name. These are sourced directly from you or indirectly from you (e.g., from observing your actions on the Site). They are used to fulfill or meet the reason you provided the information, to contact you in relation to our Site, to respond to an inquiry, for product and service improvement, to provide loyalty programs, to provide prizes, marketing, or to process an order. For example, when you create an account, you provide your first and last name, email address, and other identifying information. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
- Personal Data categories contained in customer records/sales data, which may include name, address, telephone number, bank account number, credit card number, debit card number, passport number, tax code, or any other payment and financial information for billing. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information, to contact you in relation to our Site, to respond to an inquiry, or process an order. For example, we need your payment information when you purchase products and services from us. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
- Characteristics of protected classifications,such as age or gender. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information or to provide relevant services and advertising. We do not disclose this information to third parties.
- Commercial information/purchase data, which may include records of products or services purchased, obtained, or considered, such as details on purchased items (e.g., size, price, discount, model, collection, calculated spending level, abandoned cart items, etc.) or other purchasing or consuming histories or tendencies. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information, to contact you in relation to our Site, marketing, and to respond to an inquiry or process an order. For example, we keep track of your purchases to create a purchase history. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
- Internet, technical or other similar network activity/navigation data, which may include usage and browsing history; device information, including device properties; network connection information, such as time zone; search history; information on your interaction with our Site, newsletters, or links; and error logs. We source this information directly or indirectly from you (e.g., from observing your actions on our Site). We use this information to fulfill or meet the reason you provided the information, or to improve our Site. We disclose this information for business purposes to administrative service providers, data analytics providers, and internet service providers. See paragraph 4 below and our Cookie Policy more information on the types of information we collect, how it is used, and how to opt-out.
- Inferences drawn from other personal data, which may include a profile reflecting preferences, interests, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. We source this information directly or indirectly from you, (e.g., from observing your actions on our Site). We use this information to fulfill or meet the reason you provided the information, marketing, to provide more relevant products and services, and to improve our Site and services. We do not disclose this information to third parties.
3. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
In this paragraph we further explain for what purposes each category of data is processed by the Data Controller.
PURPOSES OF FANATOMICS
Fanatomics is the company that manages the e-commerce via the Site. In some cases, it may be necessary for Fanatomics to become aware of some information concerning you, to process specific requests you may have. Fanatomics will process Personal Data for the following purposes.
a. Sales activities and response to other requests made by customers
If you purchase Fanatomics products through the e-commerce service on the Site , Fanatomics will process your identifiers, contact data, sales data and purchase data to conclude the sale, as well as for all activities strictly connected and related to it, such as delivery or other administrative and accounting obligations.
Similarly, Fanatomics may need to verify the requirements for participating to special discount programs (e.g. verifying if the purchase made is a first purchase or other requirements of the regulation) and to process your identifiers and contact data to respond to any further requests that you may formulate through the Site by email.
Legal basis: this processing is based on the performance of a purchase contract to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise Fanatomics will not be able to process your request.
b. Sales related services
Fanatomics may need to process your Contact Data and certain Sales Data (VAT number) to manage your purchase when concluded by phone or other methods provided for by Fanatomics, or issue an invoice, should you request it. Moreover, these data will be processed also to re-contact you for reasons connected with your purchase, for example in case of complaints, to recall a faulty and/or unsafe product or, in general, for technical reasons, e.g., related to the management of problems with refused credit card payments and similar.
Legal basis: this processing is based on the performance of a purchase contract to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise Fanatomics will not be able to process your request.
c. Registration
The identifiers, contact data, purchase data will also be collected by Fanatomics to manage your request to create an account. These data will be processed to complete your membership and for all purposes strictly connected to it or instrumental, including – firstly – all the activities provided for in the Fanatomics’ registration.
All communications relating to your Fanatomics account may be made by Fanatomics via the Site, e-mail and newsletter. All these communications relating to the program itself are sent solely for the purpose of making available the benefits related to it and do not constitute marketing communications.
Legal basis: this processing is based on the performance of a contract for joining the loyalty program to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise Fanatomics will not be able to process your request.
d. Participation in prize contests
Fanatomics will be able to process your identifiers and biographical data to allow you to participate in prize contests that Fanatomics could organize. In certain situations, for example to proceed with the delivery of the prize, your contact data could also be processed. If participation in the contest requires further information, these will be requested to you upon release of a specific privacy policy.
Legal basis: this processing is based on the performance of a contract for attending the relevant prize contest to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise Fanatomics will not be able to process your request.
e. Marketing
Fanatomics will process your identifiers, contact data, biographical data, and data collected in the shop for marketing purposes, that is for advertising on social networks to which you are registered or sending advertising or direct sales material, carrying out market research, commercial communication with automated contact methods (email, newsletter, online messaging platforms, etc.), asking for your consent, where required by applicable law.
Legal basis: this processing is based, where required by applicable law, on the consent you have given via the appropriate opt-in disclosure.
You can at any time withdraw your consent, when required by applicable law, or you opt out to receive the above-mentioned communications by clicking on the appropriate option in each marketing email received, as well as by writing to the address [email protected] or otherwise by contacting the Company at the addresses indicated in paragraph 1.
f. Contact management – re-contacting the customer
Fanatomics may need to use your Biographical Data and Contact Data in order to re-contact you in the post-sales process if necessary.
Legal basis: this processing is based on the legitimate interest of Fanatomics in the pursuit of improving its performance and its relationship with the clients.
g. Customer satisfaction
Fanatomics may use your Contact Data to conduct surveys to measure the level of satisfaction (i.e., customer satisfaction) with the service provided to our Site. Please note that in any case the communications made for this purpose will not have an advertising content, or direct sales or will be used for market research or commercial communication.
Legal basis: this processing is based on the legitimate interest of Fanatomics to verify and improve the quality of its services.
h. Other administrative-accounting activities
Fanatomics may also process your Personal Data for administrative, accounting and internal statistical analysis for business planning purposes.
Legal basis: this processing is based on the legitimate interest of Fanatomics to improve the quality of its services and business.
i. Customer profile
With your consent, the Data Controller will be entitled to process identifiers, biographical data, contact data, commercial information, purchase data and other similar network activity for profiling purposes and for business analysis, that is for analysis on your purchase preferences consisting of automated processing of the above mentioned Personal Data. This processing is aimed at analytically knowing or predicting your purchasing preferences, and also in order to create customer profiles and customize the commercial offer so that it is more in line with your preferences.
Legal basis: this processing is based on the consent you have given.
You will be entitled at any time to withdraw your consent to be subject to profiling by writing to [email protected] or otherwise by contacting the Data Controller at the address indicated in paragraph 1.
j. The Data Controller may process your Personal Data to comply with a legal obligation to which it is subject.
Legal basis: compliance with a legal obligation.
The provision of data for this purpose is mandatory because in the absence of data the Data Controller will not be in a position to comply with their legal obligations.
4. COOKIES; WHAT PROCESSING ACTIVITIES WE CARRY OUT IF YOU’RE USING OUR WEBSITE AND YOU NAVIGATE WITHOUT BEING LOGGED IN
The Site is owned by Fanatomics. It is possible to browse the Site without logging in. In this case, while browsing the Site, we inform you that the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not directly associated with individuals, but which by its very nature could, through processing and association with data held by third parties, allow these users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, information regarding access, information regarding location, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the information regarding the user’s visit including data clickstream of the URL, within and from the Site, the duration of the visit on some pages and the interaction on these pages and other parameters relating to the operating system and the user’s IT environment.
These data are collected through the use of “cookies”. We specifically use browser cookies for various purposes, including cookies strictly necessary for the operation of the Site and the use of services through the appropriate features, and the cookies that are used for personalization, performance/analysis and promotional activities. Our Cookie Policy, contains more information regarding the use of cookies on the Site, as well as the options for accepting or rejecting them.
The data collected while browsing the Site will be processed to (i) manage the Site and resolve any operating problems, (ii) make sure that the content of the Site is presented in the most effective way for its devices, developing, testing and making improvements to the Site, (iii) as far as possible, to keep the Site safe and secure, (iv) to obtain anonymous statistical information on the use of the Site and to check its correct functioning, (v) identify anomalies and/or abuses in the use of the Site. The data could also be used to ascertain responsibility in case of possible computer crimes committed against the Site or third parties and may be presented to the Judicial Authority, if this makes an explicit request.
5. WHAT HAPPENS IF YOU DO NOT PROVIDE PERSONAL DATA
Some Personal Data that we will indicate you from time to time during the registration or purchase process are necessary for the completion of the purchase contract and for administrative and accounting purposes.
In the description of the purposes in paragraph 3, we have specified when it is necessary to provide Personal Data. Where not expressly indicated as mandatory, therefore, the provision of Personal Data is optional and there will be no consequences if you do not provide them, unless it is impossible for the Data Controller to act as described (for example, the impossibility to carry out marketing activities).
6. HOW AND HOW LONG WE WILL PROCESS PERSONAL DATA
The Personal Data provided to and/or collected by the Data Controller are processed and stored with automated tools and, in some cases, may be processed and stored on a paper backing. In particular, the Personal Data processed for purposes of marketing and of customer profiling will be entered and stored in the CRM systems that allow the processing of Personal Data for these purposes.
The Personal Data will be stored for the time necessary to achieve the purposes for which they were collected. In particular, the following rules will apply:
- data collected to enter into and perform purchase contracts on the Site or in shops, including payments: up to the conclusion of administrative and accounting obligations. The billing data will be kept for 10 years from the billing date;
- data of the registered user: the data will be kept as long as the account is active. Even after the termination of the account, we will retain the data if this will be necessary to comply with legal obligations, to protect our rights or to prevent fraud;
- data related to data subjects’ requests: the data will be stored until the request is satisfied;
- data collected and processed for customer satisfaction will be retained for 30 days;
- if you have provided your consent, the data processed for purposes of marketing and customer profiling will be stored for a period of 7 years. In any case, you will not be contacted again for marketing and profiling activities 7 years after your last interaction with us or even earlier if you revoke the consent previously given. The events that identify this “interaction” may include, but are not limited to, a purchase, opening an email sent, participation in a survey, contest or event, access to the “MyAccount” area, etc. For completeness, we would like to point out that, at any time, it is possible to review and modify your previously expressed consents in the “MyAccount” area of the Site and by contacting Fanatomics at [email protected].
In any case, for technical reasons, the termination of the processing and the consequent cancellation or irreversible anonymization of the related Personal Data will be definitive within thirty days from the terms indicated above.
With particular reference to the judicial protection of our rights or in case of requests from the authority, the data processed will be stored for the time necessary to process the request or to protect the right.
7. WHERE PERSONAL DATA MAY BE TRANSFERRED
For the purposes indicated above, we may also transfer your Personal Data to Europe, in particular to Greece where Fanatomics is located.
8. WHO WILL PROCESS PERSONAL DATA
The Personal Data will be processed by:
- employees and collaborators of the Data Controller processing data under the authority of the Data Controller.
- employees and collaborators of the Data Processors designated by the Data Controller, including (i) the companies managing the online store and who will be entitled to view, modify and update the Personal Data entered in the CRM systems through which the Data Controller carries out the processing activities for marketing and profiling purposes (ii) the companies managing the storage of the Personal Data of the Data Controller based on agreements or local regulations;
- third parties established in the European Union and outside the European Union, Data Processors, used by the Data Controller in particular for services of: personal data acquisition and data entry, shipping, mailing of promotional material, after sales assistance and Customer Service, market research, management and maintenance of the CRM systems through which the Data Controller carries out processing activities for marketing and profiling purposes and of the other corporate information systems of the Data Controller of the processing. The complete list of Data Processors appointed by the Data Controller can be requested to the following email address [email protected].
Personal Data may also be disclosed to third-party service providers, independent data controllers, in particular to freelancers or companies providing legal or tax advice and assistance and to companies managing payments made by debit or credit cards or for fraud prevention and management activities.
Our third-party service providers may also have access to the Personal Data of people who are not users of the Site based on information that you directly disclosed on the Site, in the following instances:
- A User who purchases a product on the Site to be mailed to a friend;
- A User who pays for a product on the Site who is different from the recipient of the product; or
- A User who recommends a product on sale on the Site to a friend.
In all of the above cases, you must make sure you receive the consent from third parties prior to disclosing their Personal Data and inform them about our Privacy Statement. We will treat this Personal Data in accordance with this Privacy Statement, just as we treat your Personal Data. However, you will be responsible in connection with the disclosure of third-parties’ Personal Data, if you failed to obtain the third parties’ express consent to disclose their Personal Data or for any improper or unlawful use of that data.
Lastly, we may share your information with third parties, unrelated to the services provided on the Site, when we believe it is necessary or appropriate, including: (a) as required or necessary in order to comply with applicable law (including laws outside your country of residence); (b) to protect us against liability; (c) to respond to subpoenas, judicial processes, or legitimate requests by law enforcement officials; (d) to purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company; (e) to protect our operations; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages we may sustain.
9. COLLECTION FROM CHILDREN
The Site is not intended for children under the age of 16 and we do not knowingly collect Personal Data from such children. Children under the age of 16 should not use or attempt to use our Site or send Personal Data to us. In the event that we learn that we have inadvertently gathered Personal Data from a child under the age of 16, we will take reasonable measures to erase such information from our records. Parents who believe that we might have any information from or about a child under 16, may submit a request to [email protected] and request that such data be removed..
10. EXERCISING YOUR RIGHTS
Pursuant to Chapter III of the GDPR, you have the right to ask Data Controller:
- to access to your Personal Data;
- to receive the copy of the Personal Data you provided us (so-called “data portability”);
- the rectification of the Personal Data in our possession;
- the erasure of any Personal Data in relation to which we no longer have any legal basis for processing;
- the limitation of the way in which we process your Personal Data, within the limits set by the applicable law data protection law.
Right to object: in addition to the rights listed above, you always have the right to object at any time to the processing of your Personal Data carried out by the Data Controller for the pursuit of its legitimate interest.
You also have the right to withdraw, in whole or in part, the consent to the processing of Personal Data concerning you for the purpose of sending advertisements or direct selling or for carrying out market research or commercial communication with automated contact methods (email, social media, messaging platforms, etc.) and traditional contact methods (mail).
If you prefer that the processing of your Personal Data is carried out solely through traditional contact methods, you can object to the processing of your Personal Data carried out through automated contact methods.
The exercise of these rights, which can be done through the contact details indicated in paragraph 1, is not subject to formal constraints. In the event that you exercise any of the above mentioned rights, it will be the responsibility of the Data Controller that you contacted to verify if you are entitled to exercise the right and to provide you with an answer, normally within a month.
If you believe that the processing of your Personal Data is carried out in breach of the provisions of the GDPR, you have the right to lodge a complaint with your local competent Data Protection Authority or to start the appropriate legal actions before the competent courts.
To exercise your rights, you can send a request to the Data Controller by [email protected].
11. YOUR CALIFORNIA PRIVACY RIGHTS & HOW WE RESPOND TO “DO NOT TRACK” SIGNALS
If you are a California resident, you may have the right to request and receive certain information about a company’s disclosure of your Personal Data to third parties for their own direct marketing use, and your choices with respect to such disclosures. Because we do not share your Personal Data with third parties for their own direct marketing use, we are exempt from this requirement. If you still wish to learn more about our compliance with this requirement, please contact us at the address listed in paragraph 1.
As of January 1, 2020, you may be entitled to the below rights:
- the right to know. You may request information about the categories and specific pieces of Personal Data we have collected about you over the last 12 months, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the sale or disclosure for business purposes of your Personal Data to third parties, and the categories of third parties with whom this information was shared. You may also request a copy of the Personal Data we have collected, and upon request, we will provide this information to you in electronic form;
- the right to opt-out of the sale of your Personal Data to third parties. We do not sell your Personal Data at this time, and we do not sell the Personal Data of children under 16 years old;
- the right to request deletion of your Personal Data, subject to certain legal exceptions; and
- the right to not be discriminated against for exercising any of the rights mentioned above.
You can exercise your rights by contacting us using the details set out in paragraph 1. Whenever feasible for verification, we will match the identifying information provided by you to the Personal Data already maintained by us. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information. You may designate an authorized agent to make a request on your behalf. Such authorized agent must be registered with the California Secretary of State and must have permission to submit requests on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
12. HOW WE RESPOND TO DO NOT TRACK SIGNALS
The “Do Not Track” (“DNT”) privacy preference is an option that may be made in some web browsers allowing you to opt-out of tracking by websites and online services. At this time, global standard DNT technology is not yet finalized and not all browsers support DNT. We therefore do not recognize DNT signals and do not respond to them.
13. LINKS TO THIRD-PARTY WEBSITES
Our Site contain links to other third party websites. We are not responsible for the privacy practices or the content of such third party websites. To better protect your privacy, we recommend that you review the privacy policy of any third party website you visit.
AGAIN, PLEASE NOTE THAT THIS PRIVACY STATEMENT DOES NOT COVER THE COLLECTION AND USE OF INFORMATION BY SUCH THIRD-PARTY WEBSITES.
14.SECURITY
We have adopted commercially reasonable security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. We may use third-party products and services to secure or store your information. We encrypt credit card numbers from e-commerce transactions conducted on our Site. However, no method of internet transmission or electronic storage is 100% secure or error free. Consequently, we cannot ensure or warrant the security of any information you transmit to us. If we learn of data security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Site or providing Personal Data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. We may post a notice via the Site if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach. If you have any reason to believe that your interactions with the Site are no longer secure, please notify us immediately at the addresses provided above.
Additionally, please do not forget that it is essential for the safety of your data that your device is equipped with tools such as constant antivirus updates and that your internet provider provides a connection ensuring a secure data transmission through firewalls, spam filters, and similar measures.
15.CHANGES TO OUR PRIVACY STATEMENT
We reserve the right to amend all or part of our Privacy Statements from time to time. The version published on the Site is the version currently in force. Changes to our Privacy Statements are communicated by placing a notice on the Site stating “Revised Privacy Statement(s).” Changes to our Privacy Statements will be effective immediately once published on the Site unless otherwise noted. If we make material changes to our Privacy Statement, we will notify you by prominently posting the changes on our Site as described or by using the contact information you have on file with us. Your use of the Site following any amendments, indicates your consent to the practices described in the revised Privacy Statements. We invite you to periodically review our Privacy Statements to be informed of any relevant changes, especially before providing any data to us.