Ι. INTRODUCTION

These terms govern the Personal Data Protection and Privacy Policy (hereinafter referred to as the “Data Policy” or “PDPPP”) governing the use and navigation on our website supernatural.club (hereinafter referred to as the “Website”) operated by the Greek private capital company under the trading name “EKLEKTIKON P.C.”, located at 8 Dagkli St, Kavala, Greece (VAT No: 801787180 / Tax Office of Kavala, General Commercial Reg. No 163312730000) (hereinafter referred to as the “Company”). The purpose of these terms is to describe the personal data that you provide to us, inform you about the Company’s policy regarding their processing and protection of your data, so that you understand the purpose of their processing, the categories of recipients, and the procedures that you can follow to exercise your legal rights.

Therefore, the management and protection of your personal data are governed by these terms and the relevant provisions of both the Greek and the European legislative framework regarding the protection of individuals from the processing of personal data and, specifically the General Regulation on the Protection of Personal Data (hereinafter the “EU Regulation 2016/679”) and Law 4624/2019 (hereinafter the “Regulatory Framework”).

Any possible future changes to the above regulatory framework will also apply to these terms. We may occasionally modify this Policy, either in whole or in part, at our sole discretion. Any changes hereto will take effect immediately upon posting the modified Policy on the Website. By continuing to use the Website and its services and the services of the Online Store after such modifications have been made in accordance with the above, you are deemed to accept these modifications without reservation. If you do not agree with the terms hereof, as may be modified, you should stop using the Website and the Online Store. In such a case, the data you have provided to us will be completely deleted.

The security and protection of your personal data are a priority for us. Therefore, we commit to handling your personal data responsibly. This website includes links to other websites that are operated by third parties (individuals or legal entities). These third-party websites are governed by their own separate privacy policies. The Company is not responsible for the privacy and data management practices of these external websites.

ΙΙ. PERSONAL DATA PROTECTION POLICY

1. DEFINITION OF PERSONAL DATA

Personal Data refers to any information relating to an identified or identifiable natural person. This includes details such as the person’s name, address, date of birth and gender, mobile phone number, e-mail address, as well as usage data such as member name, password and IP address.

2. PERSONAL DATA WE COLLECT

When you visit our Website and Online Store, we collect personal data in order to:

a) Register you as a member of the Website and create an Account for purchasing products;

b) Subscribe you to our Newsletter Service;

c) Ensure we can communicate with you regarding your orders and updates our new products;

δ) Allow you to contribute, if you wish, to statistical processes aimed at creating and providing personalized offers;

e) or enable you to exercise your rights under the law and the Terms of Use and Transactions.

We collect the following personal data:

Full name: We collect your first and last name for processing purchases from our Online Store and when you want to register as a member on the Website and create an account.

Email Address: We collect your email address to register you for our Newsletter Service, which sends you updates about the Company and its products/services, any offers, etc., as well as for membership registration on the Website and account creation.

Postal address: We collect your home or business address (street, city, postal code) for delivering the products purchased through our Online Store.

Landline Phone Number: We collect your landline phone number for processing purchases from our Online Store.

Mobile Phone Number: We collect your mobile phone number to send you SMS messages with updates about the Company and its products/services.

Credit Card Information: We collect credit card details only if you choose to make a purchase through our Online Store using this payment method.

Identification Number: We collect your Identification Number to ensure verification with your credit card details only if you choose to make a purchase from our Online Store using this method. Otherwise, providing this information is not necessary to provide for completing your purchase.

Billing Information: Your billing details are required for issuing invoices, such as company name, VAT number and business address.

For browsing the Website and the Online Store, the Company does not request any personal information from you.

3. PURPOSE OF PROCESSING PERSONAL DATA

The personal data provided on any page and service of the Website is used exclusively for the following purposes:

• To complete the transactions with us;

• To communicate with you, if you wish and consent to this purpose. Each newsletter allows recipients to opt out of receiving further newsletters from us, by requesting via email at support@supernatural.club or through the member account settings, or by following the unsubscription procedures outlined in each informational email you receive from us;

• To improve the services provided and ensure the proper functioning of the relevant service for which you have provided data;

• To create a profile with your consent for personalizing services and products;

• For statistical purposes and to improve the services and information provided. This data will not be used by any third party (except where required by law for competent authorities), in compliance with data protection regulations as applicable;

• For our legitimate interests or to comply with national and/or European legislation.

The Company operates in accordance with applicable Greek and EU laws and securely maintains your personal data for as long as you are registered with any service on the Website. Data is deleted after the end of the business relationship, regardless of how it ends. Specifically, member data (account details) are retained on the Company’s servers for a period of five (5) years from registration, during which you retain all rights to deletion, updating, etc. In summary, we request only the information needed to provide you with a distinct shopping experience: reliable delivery of your ordered products, secure payment of your order, and personalized service based on your needs and preferences.

Our website uses tools that allow us to collect personalized information about our website users and consumers of our services/products, such as sign-up forms for newsletters, contact forms, personalized product suggestion banners, and contest entry forms. The information collected from these tools is processed to identify your potential interests, product categories/brands you might like, and specific products you may be interested in. This helps us communicate with you through personalized messages and product suggestions, better understand our customer base and their needs, improve our products and services, and run relevant campaigns or advertising efforts.

4. RECIPIENTS OF THE DATA AND PURPOSE OF TRANSFER

We may transfer your personal information to our representatives and/or subcontractors to support, promote, and execute our business relationship with you. However, such transfers will always be made under conditions that fully ensure that your personal data is not subject to any unlawful processing, i.e., processing other than the purpose for which the data was transferred as described above. For example, we reserve the right to transfer your personal data to shipping companies we work with to deliver your purchased products from our Online Store, to credit card providers for processing your payment resulting from a purchase from our Online Store, to third parties—whether individuals or legal entities—that may provide promotion and marketing services on our behalf for our business or our products/services, or to our third-party partners who provide us with technical services, such as hosting and technical support services.

Please note that these categories of data recipients are processors acting on our behalf and therefore do not process your data beyond the purposes of the transfer mentioned above. Access to your personal data is restricted to specific employees of the Company, and unauthorized access to your personal data is prohibited. We have taken all reasonable measures to ensure the security of your data.

In exceptionally rare and specific cases, your personal data may be disclosed to businesses partnering with the Company. The Company will not sell, transfer, or disclose personal information of visitors/users of its website to any third parties, other than those mentioned above, without the visitor/user’s consent, except where required by applicable legal provisions and to competent authorities only.

The records held may be disclosed to the competent judicial, police, and other administrative authorities upon their lawful request and in accordance with the applicable legal provisions. Additionally, in the case of a legal order, official directive, or formal preliminary examination, the Company has the right, without any further conditions, to provide the relevant information to the corresponding authority.

5. Retention Period for Personal Data

We retain your personal data for as long as necessary to fulfill the purposes of this Statement, unless the applicable legislation requires or permits a longer retention period. When processing is required for an extended period due to legal obligations under the current legal framework, your personal data will be stored and processed for as long as those regulations dictate.

When processing is based on a contract between us, your personal data will be stored for as long as necessary to execute the contract and to establish, exercise, or support legal claims of our Company or yours based on the contract.

For the purpose of executing transactions through our Online Store, we will keep your personal data for the period deemed absolutely necessary.

For direct marketing/promotion purposes, provided you have consented, we will retain your personal data for five (5) years, during which you retain all your rights, unless you revoke your consent or request their deletion in the meantime.

Our Company may continue to store your personal data for a longer period if necessary to protect its legitimate interests in relation to potential liability associated with the provision of the Service.

5. USER CONSENT

By engaging in any transaction and using any of our Services in accordance with the Terms of Use of supernatural.club, you consent to this Personal Data Protection Policy.

Account Information: If you provide bank account details in your member account, you consent to the Company using this information for any potential refunds to you in the event you exercise your right of withdrawal in accordance with the Terms of Use and the Law.

Use for Advertising Purposes: By subscribing to our Newsletter, you consent to the Company processing and using your personal data for marketing purposes, specifically for sending emails with general or promotional information (newsletters) about our products and services.

If you wish, the Company will refrain from using your personal data for advertising purposes, provided you follow the procedures for unsubscribing from the list of registered members receiving our newsletters. You can send an email to support@supernatural.club or adjust the newsletter settings in your member account, or unsubscribe by following the procedures specified in each promotional email you receive from us.

Disclosure in Case of Legal Requirement / Disclosure to Services in the Absence of Legal Requirement: Since data disclosure is not permitted by law, you consent to the disclosure of your personal data to law enforcement and supervisory authorities for necessary protection against risks to state and public security, as well as for the prosecution of criminal acts.

6. TRANSFER AND STORAGE OF PERSONAL DATA

Your data is transferred with encryption.
Your data is stored:

· On servers in the European Union and on Mailerlite servers for those who have subscribed to our Newsletter;

· On Flywheel hosting servers in the USA, the United Kingdom, Canada, Belgium, and Australia for users who have placed an order.

The Company does not store or manage credit card data.

7. RIGHTS

You may exercise the following rights in accordance with the terms and specific provisions of Regulation (EU) 2016/679 and Law 4624/2019:

· The right to access your personal data held by us and information related to its processing;

· The right to correct any inaccurate personal data;

· The right to object to the processing of your personal data when there is a legitimate interest, including the right to object to automated processing of your data and its use for marketing purposes;

· The right to restrict the processing of your personal data, meaning you can request suspension of processing if you dispute the accuracy of the data, have objections to the processing, or have a legitimate interest as defined;

· The right to data portability, meaning you can receive your personal data that we hold and which has been collected with your consent, to use it elsewhere as you wish;

· The right to deletion (“right to be forgotten”) of your personal data without undue delay upon your request, subject to the conditions set by the applicable Greek data protection legislation and Regulation (EU) 2016/679;

· The right to withdraw consent. In cases where we process your personal data based on your consent, you also have the right to withdraw your consent at any time or modify the level of consent you have granted, without affecting the legality of processing for the period before the withdrawal of consent;

· The right to be informed about breaches of your personal data and, in the case of unlawful processing, the right to file a complaint with the competent Greek Data Protection Authority (http://www.dpa.gr/).

For the above purposes, any requests should be addressed in writing to the Company at support@supernatural.club.