Last Updated: June 25, 2025
1. Introduction
Welcome to zek.gr. We are committed to protecting the privacy and security of our customers’ personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, purchase products, or interact with our services.
This policy has been prepared in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Greek data protection laws.
2. Data Controller
The entity responsible for the processing of your personal data (the “Data Controller”) is:
- Company Name: <FULL COMPANY NAME>
- Legal Form: O.E.
- Registered Address: Emmanouil Kampouri 34, Moschato 18345, Athens, Greece
- G.E.MI. Number: <GEMI NUMBER>
- Contact Email for Privacy Matters: info@zek.gr
3. What Personal Data We Collect and Why
We collect personal data to provide and improve our services, process your orders, and communicate with you. The types of data we collect and the purposes for which we use them are outlined below.
| Type of Data Collected | Purpose of Processing | Legal Basis for Processing |
| --- | --- | --- |
| Identity & Contact Data (Full Name, Email Address) | To create and manage your user account. | Performance of a Contract |
| Contact Data & Order Details (Full Name, Billing/Shipping Address, Phone Number, Email, Products Purchased) | To process, fulfill, and ship your orders; to manage payments; and to send order/shipping confirmation emails. | Performance of a Contract; Legal Obligation |
| Financial Data (Handled by our payment processors) | To process payments for your orders. Note: We do not store your full credit card details on our servers. | Performance of a Contract |
| Communication Data (Name, Email, Message Content) | To respond to your inquiries submitted via our contact form and provide customer support. | Legitimate Interest (to serve our customers) |
| Marketing Data (Email Address) | To send you newsletters, special offers, and marketing communications about our products. | Consent |
| Technical & Usage Data (IP Address, Browser Type, Device Information, Pages Visited, Time on Site) | To ensure the security of our website, analyze website traffic, understand user behavior, and improve our website and services. | Legitimate Interest (for security and analytics) |
4. Sharing Your Personal Data (Third-Party Processors)
We do not sell your personal data. However, to operate our business, we must share your information with trusted third-party service providers who act on our behalf (“Data Processors”). These include:
- eCommerce Platform: WooCommerce provides the core functionality of our online store.
- Hosting Provider: Hostinger stores our website’s data on its servers.
- Payment Processors: Stripe and PayPal (via WooPayments) securely handle your payment information to process transactions.
- Shipping Company: ACS Courier (and potentially other couriers in the future) receives your name, address, and phone number to deliver your orders.
- Analytics Provider: Google Analytics (managed via Google Site Kit) helps us analyze website traffic and user interaction.
- Email Marketing Platform: Mailchimp manages our newsletter subscriptions and sends marketing emails on our behalf.
- Website & Security Plugins: We use plugins such as Wordfence for security, which may process IP addresses to protect our site from malicious activity. Other plugins like Contact Form 7, Elementor, and LiteSpeed Cache are used to provide website functionality.
These providers are contractually obligated to safeguard your data and are only permitted to use it for the specific purposes for which we have engaged them.
5. International Data Transfers
Some of our third-party service providers (including Google, Stripe, Mailchimp, and Hostinger) are based outside the European Economic Area (EEA), primarily in the United States.
When we transfer your data to these providers, we ensure its protection through legally recognized data transfer mechanisms. These companies are certified under the EU-U.S. Data Privacy Framework, which the European Commission has deemed to provide an adequate level of protection for personal data transferred from the EU to the US.
6. Data Retention Period
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Order & Transaction Data: We are required by Greek tax law to keep records of all transactions (including invoices and order details) for a minimum of 5 years after the end of the tax year in which the transaction occurred.
- Customer Account Data: We retain your account information for as long as your account remains active. If an account is inactive for over 3 years, we may contact you and subsequently delete it if there is no response.
- Contact Form Inquiries: Data submitted via contact forms will be kept for up to 12 months to ensure we have a record of the correspondence.
- Newsletter Subscription Data: We will keep your email address for marketing purposes until you choose to unsubscribe. Every marketing email contains an unsubscribe link.
- Analytics Data: Anonymized or pseudonymized data in Google Analytics is retained for 26 months to allow for year-on-year trend analysis.
7. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
- The right to access: You can request a copy of the personal data we hold about you.
- The right to rectification: You can ask us to correct any inaccurate or incomplete data.
- The right to erasure (“right to be forgotten”): You can request that we delete your personal data, subject to certain legal obligations (e.g., our need to retain transaction data for tax purposes).
- The right to restrict processing: You can ask us to suspend the processing of your personal data in certain circumstances.
- The right to data portability: You can request that we transfer your data to you or another service provider in a structured, machine-readable format.
- The right to object: You can object to our processing of your data where we are relying on a legitimate interest. You have an absolute right to object to your data being used for direct marketing.
- The right to withdraw consent: Where we rely on your consent to process data (e.g., for newsletters), you can withdraw that consent at any time.
To exercise any of these rights, please contact us at info@zek.gr. We will respond to your request within one month.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) if you believe we have not processed your data in accordance with the law.
Hellenic Data Protection Authority (ΑΠΔΠΧ)
- Address: Kifisias 1-3, PC 115 23, Athens, Greece
- Telephone Center: +30-210 6475600
- Website: www.dpa.gr
8. Data Security
We have implemented appropriate technical and organizational security measures to protect your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These measures include:
- SSL/TLS Encryption: Our website uses SSL/TLS to encrypt data transmitted between your browser and our server.
- Data Encryption: We utilize encryption for data both in transit and at rest where possible.
- Access Control: Access to your personal data is limited to employees and third-party processors who have a business need to know.
9. Use of Cookies
Our website uses cookies to enhance user experience, analyze site performance, and for marketing purposes. Upon your first visit, you will be asked for your consent to use non-essential cookies via a cookie consent banner. For more detailed information about the cookies we use, please see our Cookie Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on this page and updating the “Last Updated” date at the top.