(and information on the processing of personal data)

The company with the name “KOSTIMPAS V. MICHAIL” and with the distinctive title “Princessa by Kostibas Fashion – Bijoux & Accessories” based in Thessaloniki, 22 Aristotelous Street (hereinafter “the Company” or “we” or “us”) bears the status of Personal Data Processor.

Protecting your fundamental right to the processing of your personal data is a top priority for us. The Company processes your personal data in accordance with the General Regulation for Data Protection (GPA or GDPR (*)) and any other relevant applicable national and European legislation.

Purpose of this policy

The purpose of this policy is to inform you about:

  • the collection, storage, use, disclosure and general processing of your personal data when you visit, register or use the Company’s website, as well as when trading with its physical stores,
  • the purposes of processing, as well as how your personal data is processed,
  • the duration of the retention of your personal data,
  • the measures we take to protect your personal data, and
  • the rights you have as subjects of personal data and the procedures for exercising those rights.


The following concept has been assigned to the following terms, within the meaning of this policy and in accordance with the GCC:

“Personal data” means any information relating to an identifiable or identifiable (**) natural person (hereinafter referred to as “personal data” or “personal data” or “data”. Personal data is the information that identifies or may identify you , such as name, postal address, e-mail address, contact telephone number, tax registration number, etc.

“Processing” means any operation or sequence of operations performed with or without the use of automated means, on personal data or on personal data sets, such as the collection, registration, organization, structure, storage, adaptation or change, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

“Controller” means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and manner of processing personal data, in this case the Company.

“Performer of processing” means the natural or legal person, public authority, service or other entity that processes personal data on behalf of the controller, in this case on behalf of the Company.

“Recipient” means the natural or legal person, public authority, service or other body to which personal data are disclosed, whether third party or not.

“Consent”: any indication of will, free, specific, express and fully aware, by which you, as the data subject, express that you agree, with a statement or a clear positive action, to process the personal data concerning you.

“Breach of personal data” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.

“Website”: the website (site) is the Company’s website, where the online store for the presentation and sale of the Company’s products and services is located (hereinafter referred to as the “website” or “online store” or “website”).

“Social networks”: the pages maintained by the Company on social networks (Facebook, Instagram, twitter, linkedin, etc.) in which you can become a member if you wish.

Principles of data processing

We ensure the legal processing of your personal data. Specifically, we process your personal data according to the principles:

– legality, objectivity and transparency,
– the limitation of the processing purpose,
– data minimization,
– the accuracy of the data,
– the limitation of the data storage period, and
– data integrity and confidentiality.

We ensure the effective protection of your personal data at all times by taking all necessary and appropriate technical and organizational measures.

Protection of minors

Our website is aimed at adults. Minor users have access to our services only with the consent of their parents or guardians and have no obligation to submit their personal information. In case of submission of such data by minors, the administrators of the website delete the relevant information. In case of submission of false personal data during the registration of a member, the Company does not bear any responsibility.

What data do we collect and process and how

The personal data processed by our Company are appropriate, relevant and limited to the necessary extent for the specific purposes for which they are processed. We collect and process the following personal data:

Personal data directly from you

We collect and process the following data that you freely choose to provide to the Company:

if you register as a user and create an account in our online store, by entering the required information in the respective fields, in order to submit a request for offer, to process a transaction (order, purchase of products) and so that we can contact you your.

The following data is required to request a quote or to make a transaction (orders, purchases): name, surname, postal address, e-mail address, landline and mobile phone number and, if you request an invoice, quality/profession, ΑΦΜ & ΔΟΥ.

If you make a purchase by credit or debit card, you will be asked for information such as holder name, card number, expiration date and CVV number. During the payment process, we do not record or store payment information in this transaction, such as credit card numbers or other bank or other information. You provide this information directly to your respective payment service provider only.

If you only want to create an account on our website, only your e-mail address and the creation of a password (login password) are required.

The fields that are necessary for conducting a transaction with the Company have been marked as mandatory.

The provision of your mandatory personal data constitutes a legal or contractual obligation or requirement for the conclusion of the sales contract or the provision of other services at your request, such as the provision of an offer for the purchase of the products of your choice. Therefore, if you wish to purchase products from our Company, you are obliged to provide this data and any refusal to provide the necessary personal data makes it impossible to conclude and / or execute the sales contract.

The following personal data are kept in written form and/or by electronic and magnetic means:

  • if you register as customers of the Company’s products and services in our physical store,
  • if you contact us by e-mail,
  • if you explicitly state that you wish to receive newsletters from us, we collect and process the data concerning your preferred way of information (via email, sms on your mobile phone, message on social networks, messenger applications, etc.),
  • if you subscribe to the social networking groups maintained by our Company on social networks (Facebook, Instagram, etc.), and contact us through these networks, we may also store your username on these networks,
  • if you contact us through the messenger applications for computers and mobile devices (skype, viber, whatsapp, facebook messenger), we may also save the username in these applications,
  • if you send your CV or request for expression of interest for employment or cooperation with our Company, we will keep your CV for a reasonable period of time.

Automatic data

In addition to the personal data necessary for the conduct of transactions and communication between us, during each of your visits to our website, some non-personal data are automatically collected for technical reasons for your use of our website, of which can not be identified (automatic data / information), such as:

  • Technical information: the Internet Protocol (IP) address provided by your Internet access provider on your computer to connect to the Internet, your Internet browser, the country and telephone code of your computer,
    information about the website from which you visited our website or websites that you have previously browsed or websites that appear during your visit, the ads that you click, or the search terms,
  • Traffic information of our website: the date and time you accessed our website and the sections of the website you visited or the products you saw,
  • products and services that you preferably choose, in order to improve the shopping experience,
  • information collected from the use of cookies in your browser.

As a general rule, we process automated data only to the extent necessary for technical reasons for the operation and protection of our website against attacks and abuse, as well as in a pseudonymous or anonymous form for statistical purposes and to improve the experience. from browsing our website and our level of customer service.

From third parties

We may collect and store some of your information from third parties, such as information about the delivery of products or your address from courier companies.

Image data

If you visit our physical stores your image can be recorded in a video surveillance system (CCTV).

Other data

We process information related to comments, product reviews and complaints of our customers. For what purposes we collect and process your data We collect and process your personal data the following Purposes:

– the execution and management of the contractual relationship between us (sale of products and / or provision of services),

– the facilitation of communication between us for your better service. For example, we may contact you by phone or e-mail or other means to request clarification on your quote or order or to inform you of product availability, progress, shipping and delivery of your order, management of your debts, return of products, refund of money, provision of guarantees, for the answer to your questions, complaints and requests, etc. – the Company’s compliance with the obligations imposed by the applicable European and national legislation (e.g. x. tax legislation, e-commerce legislation) or a court decision;

– safeguarding our legal interests, such as for the security of premises and persons in our physical stores, fraud prevention, ensuring network security, out-of-court and legal litigation of our legal claims,

– managing the registration as a user and creating a user account, in order to provide you with account functions and to facilitate the purchase of products and / or services,

– controlling, improving and adapting to your preferences and choices about our products and / or services,

– protecting your account from fraud and other illegal activities,

– ensuring safe browsing and secure transactions in our online store.

– processing payments and preventing fraudulent transactions,

– if you have given us your prior consent, for advertising and information purposes (marketing), such as sending to any of your chosen means of communication (email, SMS, telephone, chat and social media) newsletters about offers, promotions and other commercial announcements about our products and services, or to conduct a customer satisfaction survey, or for web push notifications,

– the evaluation of applications and CVs for the purpose of recruitment in our Company.
The above personal data are kept in written form and / or by electronic and magnetic means.

Legal basis for the processing of your personal data

The processing of your personal data by the Company is based on one or more of the following legal bases:

(a) Execution of a contract: the processing is necessary for the purposes of concluding and executing the contract of sale or provision of services between us.

(b) Fulfillment of a legal obligation: the processing is necessary for the compliance with the legal obligation of the Company, as it results from the current legislation, European and national, that governs our operation (such as tax legislation, e-commerce legislation, consumer protection , etc.)

(c) Safeguarding your vital interests as data subjects.

(d) Fulfillment of legal interests of the Company: such as the protection of persons, facilities and goods within our physical stores, provided that they obviously exceed your rights, and processing is absolutely necessary to fulfill these interests. In this context we use closed circuit television (CCTV) and security cameras in physical stores.

* In certain cases, we collect your Data in a way that is reasonably expected as part of the operation of our business and that does not substantially affect your rights, freedoms or interests.

(e) Establishment, exercise or support of legal claims of the Company, in court and out of court.

(f) Consent: When the processing of the data is not based on any of the above legal bases or when the consent is required by law, the processing will take place if you have previously given your written, explicit and free consent (for example for sending newsletters). You can revoke your consent at any time with future validity.

Recipients of your personal data

The processing of personal data is carried out either by the specially authorized personnel of the Company, or through computer systems and electronic devices by the Company and exceptionally by third parties.

The Company shares and discloses to third parties only the personal data absolutely necessary for the provision of the specific services by them. Specifically, we disclose the necessary data to:

Third party service providers / partner companies or professionals / suppliers who process personal data on behalf of the Company, and act as executors of the processing.

Examples include: IT service providers (management and maintenance of information systems) and technology, management and maintenance of our data, web hosting, advertising / marketing (marketing), research and analysis, sending emails and sms, customer service, banking companies ( for credit card and payment processing), postal services, couriers and transport, tax or legal advisers.

The above processors on our behalf process the data in accordance with our instructions, have all the responsibilities provided by law and provide sufficient assurances for the implementation of appropriate technical and organizational measures, so that the processing meets its requirements. law and ensure the protection of your rights. In particular, the processors on our behalf have agreed and contractually agreed with the Company: to use the data only for the specific purposes specified in their contract with us, to ensure the confidentiality of the data, not to disclose or transmit data without the permission of the Company, to comply with the legal framework for the protection of personal data and, in case of termination of the contractual relationship between us, to immediately delete the data they hold or to make them anonymous.

Other third parties, in so far as is required for the following purposes: to prevent illegal uses of our website or breaches of our Website Terms of Use and policies, (c) for our own protection against third party claims, and (d) to help prevent or investigate fraud cases (e.g. . Cyber Crime).

Transfer of personal data

The personal data that we collect and process are stored in Greece and possibly in other countries within the European Economic Area (EEA), if they are located within the EEA. our suppliers or service providers. In case the transfer of your data to other countries outside the EEA is required, we will ensure that your personal data will be protected in the same way as it would be done within the EEA.

Period of retention of your personal data

Your personal data is processed and kept only for the period of time required to fulfill the purpose for which it is collected and processed, unless a longer period of data retention is required by applicable law.


We keep your personal data for as long as you keep a user account in our online store. If you delete / delete your account, without having made a purchase, the personal data related to your registration on our website will be deleted within a reasonable time and in any case within three (3) months from the deletion of your account .

Your personal data regarding product purchases is kept for five (5) years from your last purchase. They may be retained for a longer period of time, if required in order to comply with the legal obligations imposed by law, such as tax law, commercial law, etc. In case of legal claims, the data will be kept until an irrevocable court decision is issued.

The personal data we process with your consent (eg for informational, advertising, product promotion purposes) is retained until your consent is revoked. Your statement of consent is kept for as long as newsletters are sent and up to six (6) months from the cessation of sending newsletters.

Upon expiration of the necessary storage time, your personal data will be completely deleted or anonymized, ie will be collected with other data, so that they can be used in an unrecognizable way for statistical analysis and business planning.

The data collected using cookies are kept only during the user session.

Curriculum vitae / applications for employment with the Company are kept for six (6) months from the filling of the position and / or the sending of the CV, unless you give your consent for their retention for a longer period of time in order to be informed about any new jobs.

The video data from the operation of the video surveillance system (CCTV) and cameras in our physical stores are destroyed in fifteen (15) working days, as long as the capture of stored images or the capture in real time does not result in an incident.

Protection of your personal data

The Company implements the most advanced security systems and procedures and takes all appropriate organizational and technical measures for maximum security and protection of your personal data from any form of accidental or improper processing. At regular intervals we test, evaluate and evaluate the effectiveness of all technical and organizational measures that we implement and adapt them as required to the prevailing technology standards.

Website Authentication / Encryption

The website uses the Security Layer Transport (TLS) 1.2 encryption protocol to secure secure online trading (key exchange: ECDHE_RSA with P-256, cipher: ES_256_GCM). Through this template, your personal data is kept secure through encryption, while ensuring that no third party can monitor, violate or change messages when servers and clients communicate.

To process your credit card transactions you must follow the instructions in our online store and fill in the (secure) order form along with all the necessary accompanying documents and details (name of the holder, card number, expiration date, CVV ). The personal data entered for the payment is not channeled to the Company, nor is it stored in its system, but only in the bank that manages your card.

Account User Identification

The information used to identify you as an account user and to access your personal account (“My Account”) on our website / online store is:

(a) your password or e-mail address (username or email)

(b) the personal secret security code (password).

By registering the above data, the security of your personal data is ensured through encryption during their transfer to the internet and the servers of the Company.

Although we take all necessary measures to protect your personal data, you as account users must follow the required security measures. Since only the user knows the security code (password) to log in to his personal account, you are solely responsible for ensuring the confidentiality of this password, so that it is not used by third parties. We recommend that you use the feature provided on our website to change your security code at regular intervals. Also, if you are sharing a computer, make sure you are logged out of your account.

Restriction of access to data

The Company takes all the necessary security measures in order to be allowed access to your personal data within the Company only to the competent and duly authorized persons within the framework of their duties and only for the purposes of processing. In this context, anyone who has access to your personal data is committed to maintaining the confidentiality of your data.

Security in case of data transfer

As described in detail above in the section “Data Recipients”, the Company always ensures the protection of your data in case of sharing, transfer or transmission of your data.

Your rights

As a data subject you have the following rights:

Right to information: The right to complete, transparent, easily accessible and understandable information for the processing of your personal data.

Right of access: The right to receive confirmation from the Company as to whether or not the personal data concerning you are being processed, and if so, the right of access to the data and processing information.

Right of correction: Right to demand from the Company without undue delay in the correction of any inaccurate personal data and the completion, among other things, through a supplementary declaration of any incomplete personal data concerning you (eg change of address). In any case, as long as you maintain a user account you can log in to it and make any corrections / changes without the need for a request.

Right of deletion: Right to demand from the Company to proceed without undue delay in the deletion of personal data concerning you, provided that the specific conditions set out in the GCC are met (Article 17 GCP).

Right to restrict processing: The right to secure from the Company the restriction of processing, provided that the specific conditions provided by the GCP are met (Article 18 GCP).

Right of objection: The right to object, at any time, to the processing of personal data concerning you for reasons relating to your particular situation. In this case, the Company will no longer subject personal data to processing, unless it demonstrates that there are compelling legal reasons for the processing of such data, which outweigh your interests, rights and personal freedoms or for the establishment, exercise or support of legal claims of the Company.

Right to data portability: If the processing is carried out by automated means, the right to receive the personal data concerning you, and which you have provided to the Company, in a structured, commonly used and machine-readable format, as well as the right to be transmitted , if this is technically possible, the data in question to another controller without objection from the Company.

Revocation of your consent: In the event that the processing of your personal data is based on your prior consent, you may revoke your consent at any time (ie revocation of the consent is valid only for the future and does not affect its legality). based on your consent during the period until its revocation). If you maintain a user account on our website, you can revoke your consent so that you no longer receive from us communications for advertising, information and promotional purposes (newsletters “), by sending an email to info @ princessa .store.

Right of complaint: If you consider that the personal data concerning you have been processed in a manner that violates the GCP and the principles set forth herein, you have the right to file a complaint to the Personal Data Protection Authority (

Exercise your rights

In the context of exercising the above rights, the Company undertakes the obligation to satisfy these rights as soon as possible and in any case within one (1) month from the receipt of the relevant document of your request. This deadline may be extended by another two (2) months, if required, due to the complexity or number of applications. In this case, you will receive information from us about this extension within one month of receiving the request, as well as the reasons for the delay.

If the request is made by electronic means, the information is provided, if possible, by electronic means.

If we do not act on your request, we will inform you, without delay and no later than one month from the receipt of the request, of the reasons why we did not act and of the possibility of filing a complaint with a supervisory authority and filing a lawsuit.

Upon request, we will ask you to verify your identity. In the event that you authorize a third party to submit a request on your behalf, we will require you to provide written authorization for that action.


Our website may use cookies for:

  • The optimal functionality of the website.
  • Improving the visitor / user experience while browsing it.
  • Measuring Website Traffic.
  • Improving the Overall Quality of the Company’s products and services, for Statistical and promotional purposes (marketing).

Delete cookies

You can delete cookies stored on your computer, for example:

(a) in Internet Explorer (version 11), you must delete the cookie files (instructions on how to do so are available at ie = ie-11).

(b) in Firefox (version 36), you can clear cookies by selecting “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, selecting “Show Cookies” and then select “Remove All Cookies” and

(c) in Chrome (version 41), you can delete cookies by selecting the menu “Customize and control” and then “Settings”, “Show advanced settings” and “Clear browsing data” and then selecting “Cookies and other site and plug -in data “before selecting” Clear browsing data “.

Deleting all cookies will have a negative impact on the use of the website and you will not be able to use all its functions.

Automated decision making / Profile building

We do not make automated decisions, nor do we make profiles.


The website contains links to other websites. This privacy policy applies only to the data collected from our website / website and we have no responsibility for the privacy practices of these websites.

Policy update

This policy was last modified on 2 November 2020.

From time to time this policy will be amended and updated when and as required by applicable national and European legislation, without prior notice to users. We therefore recommend that you check this page regularly for any revisions to this policy.

Use of our website / online store signifies your unconditional acceptance of the terms of this privacy policy.


For any issue regarding the processing of your personal data and the exercise of your rights, you can contact us at 2313098839 and at the e-mail address (info): [email protected].

(*) European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC”.

(**) An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identity identifier, such as name, identification number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.


No account yet?

0 items Cart