This Privacy Policy explains how THEODORA MARIA PETROVA STASINOPOULOU
operating the website thetaforceramics.com under the trade name
Theta for Ceramics (hereinafter the “Business”, “we”, “us”),
collects, uses, stores and protects your personal data when you visit or use our website and services.

We are committed to protecting your privacy and processing your personal data in accordance with the
General Data Protection Regulation (GDPR – EU 2016/679), the applicable Greek data protection
and electronic communications legislation, as well as the guidance of the Hellenic Data Protection Authority.

1. Data Controller & Contact Details

The Data Controller responsible for the processing of your personal data is:

THEODORA MARIA PETROVA STASINOPOULOU
Trading as: Theta for Ceramics
Website: www.thetaforceramics.com
Address: Ethnikis Antistaseos 26-28, Zografou 15772, Attica, Greece
Email: info@thetaforceramics.com

2. Principles of Processing

We process your personal data:

  • Lawfully, fairly and in a transparent manner.
  • For specified, explicit and legitimate purposes.
  • Only for as long as necessary for those purposes.
  • Using appropriate technical and organizational security measures.
  • Limiting the data to what is adequate, relevant and necessary.

3. Categories of Personal Data We Collect

Depending on how you interact with our website and services, we may collect and process the following categories of data:

3.1 Identification & Contact Details

  • Full name
  • Billing address
  • Delivery address (within Greece)
  • Telephone number
  • Email address

3.2 Order & Transaction Data

  • Details of products you purchase from our e-shop.
  • Order history and order value.
  • Products added to or removed from your cart.
  • Notes from our communication regarding your orders, questions, or complaints.

3.3 Account Data

When you create a customer account on our website, we process:

  • Username / account name.
  • Password (stored in encrypted form).
  • Account settings and saved addresses.

3.4 Communication & Marketing Data

  • Your preferences regarding newsletters and marketing communications.
  • Your feedback, comments and product reviews.
  • Records of communications with us (e.g. via email or contact forms).

3.5 Website Usage & Cookies

When you browse our website, we may collect, through cookies and similar technologies:

  • IP address and approximate location (country, region).
  • Device and browser information (type, version, operating system).
  • Pages you visit, time spent on each page and navigation paths.
  • Technical events such as clicks, scrolls and interactions with the website.

This information may be collected with the help of tools such as
Google Analytics and Microsoft Clarity,
in accordance with their respective privacy policies and our cookie settings.

3.6 Payment Information

Payment for orders can be made via:

  • Viva Wallet
  • Piraeus Bank

Your payment card details are processed directly in the secure environments of the above payment service providers
and/or bank systems. We do not store or have access to your full card details on our servers.

4. Purposes & Legal Bases of Processing

We process your personal data for the following purposes and based on the following legal grounds:

  • To process and deliver your orders (including order confirmation, shipment and delivery in Greece,
    payment processing, handling of returns and warranty issues).
    Legal basis: performance of a contract (Article 6(1)(b) GDPR) and legal obligations
    (tax and commercial law).
  • To provide customer service and support, including responding to your questions,
    requests or complaints.
    Legal basis: performance of a contract and legitimate interest (Article 6(1)(f) GDPR).
  • To manage your user account, if you choose to create one, so that you can access your details,
    order history and saved addresses.
    Legal basis: performance of a contract.
  • To send you newsletters and marketing communications about our products, offers, news and events,
    where you have given your consent or where permitted by law.
    Legal basis: consent (Article 6(1)(a) GDPR) or legitimate interest, where applicable.
  • To improve our website, products and services, including through analytics regarding
    traffic, performance and user interaction (using tools such as Google Analytics and Microsoft Clarity).
    Legal basis: consent (through cookies) and legitimate interest.
  • To comply with our legal obligations, such as tax, accounting and consumer protection legislation.
    Legal basis: compliance with legal obligations (Article 6(1)(c) GDPR).
  • To protect our rights and the security of our systems, for example in cases of fraud, misuse,
    or legal claims.
    Legal basis: legitimate interest.

5. Newsletter & Marketing Communications

If you consent, we may use your contact details, preferences and transaction history to send you
newsletters and marketing communications (e.g. by email or online campaigns) about our products,
offers and news that may interest you. You can withdraw your consent and unsubscribe at any time
by following the relevant link in our communications or by contacting us at
info@thetaforceramics.com.

6. Cookies & Analytics Tools

Our website uses cookies and similar technologies to ensure its proper functioning, improve your browsing experience
and produce anonymous statistics for analysis and optimization.

For analytics and usage statistics, we may use:

  • Google Analytics
  • Microsoft Clarity

These tools may process information such as IP address (in truncated or pseudonymized form), device and browser details,
pages visited and events on the site. You can manage your cookie preferences through your browser settings
and, where available, through any cookie banner or tool we provide on the website.

7. Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes described in this Policy,
unless a longer retention period is required or permitted by law.

  • Data related to your customer account is retained for as long as your account is active.
    If you request deletion of your account, we will proceed accordingly, retaining only what is necessary
    for legal or legitimate reasons.
  • Data related to purchases and transactions is retained for the period required by tax and
    commercial legislation and for warranty purposes.
  • Data processed based on your consent (e.g. newsletter) is retained until you withdraw your consent.

After the expiry of the relevant retention period, your data will be securely deleted or anonymized (e.g. by aggregation)
so that they can no longer be associated with you.

8. Security Measures & Account Credentials

We implement appropriate technical and organizational measures to protect your personal data from accidental or unlawful
destruction, loss, alteration, unauthorized disclosure or access.

When you create an account, your access is protected by a combination of username and password.
Your password is stored in encrypted form and is known only to you. You are solely responsible for keeping your
password confidential and not disclosing it to third parties. If you suspect any unauthorized use of your account,
please notify us immediately.

9. Recipients of Your Data

Your personal data may be accessed, where strictly necessary, by:

  • Our specially authorized personnel.
  • Our website hosting and IT support providers.
  • Couriers / transport companies for the delivery of your orders within Greece.
  • Payment service providers and banking institutions (e.g. Viva Wallet, Piraeus Bank).
  • Analytics and digital tools providers (e.g. Google Analytics, Microsoft Clarity).
  • External consultants (e.g. accountants, lawyers), where required by law or for the protection of our rights.

In all such cases, we ensure that only the minimum necessary data is shared and that our partners
comply with the GDPR, usually in the capacity of processors, under appropriate contracts and safeguards.

10. Transfers Outside the EEA

Some of our service providers (for example, certain analytics or cloud services) may be located outside the
European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as
Standard Contractual Clauses (SCCs) and, where necessary, transfer impact assessments, in accordance
with the GDPR requirements, so that your data receives an equivalent level of protection.

11. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation as to whether we process your data and to receive a copy.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): to request deletion of your data when they are no longer necessary,
    or when you withdraw your consent (where consent is the legal basis), or when you object to processing and there is no overriding
    legitimate reason.
  • Right to restriction of processing: to request limitation of processing under certain circumstances
    (e.g. pending verification of accuracy).
  • Right to data portability: to receive the data you have provided to us in a structured, commonly used
    and machine-readable format, and to transmit it to another controller where technically feasible.
  • Right to object: to object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time,
    without affecting the lawfulness of processing prior to withdrawal.

To exercise any of your rights, you can contact us at
info@thetaforceramics.com. We may need to request certain information
to verify your identity before responding to your request, in order to protect your data from unauthorized access.

12. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint
with the Hellenic Data Protection Authority:

www.dpa.gr

13. Minors

Our website and services are intended for adults. We do not knowingly collect personal data from minors.
If you believe that a minor has provided us with personal data, please contact us so that we can delete such data.

14. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or the content
of these websites. We encourage you to read the privacy policies of such third parties before providing them with your data.

15. Geographic Scope of Services

Our e-shop currently delivers orders only within Greece. If this changes in the future, this Policy
will be updated accordingly, where relevant.

16. Applicable Law & Jurisdiction

The processing of your personal data is governed by Greek law, as formulated in accordance with the General Data
Protection Regulation (EU 2016/679) and the applicable European and national legislative and regulatory framework
on personal data protection.

Any dispute arising in connection with your personal data and this Policy shall be subject to the jurisdiction of the
Courts of Athens, Greece.

17. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal or
regulatory requirements. We encourage you to review this page periodically to stay informed about how we protect your data.

This version of the Privacy Policy is effective as of the date of its latest update.