This Privacy Policy is an integral part of the Terms and Conditions of operation of our Company’s Website, through which our online store (e-shop) operates, which you can access by clicking here.

Responsible for the processing of your personal data, which you disclose to us and we process, in accordance with EU Regulation 2016/679 (General Regulation on Data Protection) is the limited liability company "GNASTYLE ( EVANGELIDOU EUGENIA )" with the d.t. "GINESTRA", which is based in Metamorfosi, Attica, at 4 Navarinou & Niovis Street, PC 14451 with registration number 122394401000 and is legally represented by its President, Mr. Evangelidou Evangelia - Aliki.

GINESTRA may collect your personal information in accordance with applicable law. Indicatively, it is possible for us to collect your personal information when you offer it in one of our stores, register on our Website or make online purchases of our products (online purchases).

We value and respect your privacy, as much as possible, in combination with the necessary proper operation of our Website and the due good use of it by you.

We assure you that any personal information you provide to us remains strictly confidential.

                                                                                                                                                               KEY DEFINITIONS

The following are the basic definitions of the terms used herein, as set out in Article 4 of the General Data Protection Regulation (EU) 679/2016, so that data subjects and anyone interested can become aware of and become familiar with them.

Personal Data
It is any information concerning an identified or identifiable person ("data subject"). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identifier or one or more factors specific to the identity. physical, physiological, genetic, psychological, economic, cultural or social identity of that person.

Personal Data of special categories
They are personal data, which are by nature particularly sensitive to fundamental rights and freedoms, which need special protection, as the context in which they are processed could pose significant risks to them. They include (a) personal information, which discloses racial or ethnic origin, political views, religious or philosophical beliefs or trade union affiliation; and (b) relates to the processing of genetic data, biometric data, etc., data relating to health or data relating to the sexual life of a natural person or sexual orientation.

It is the natural or legal person, public authority, service or other body that, alone or in conjunction with others, determines the purposes and manner of processing personal data.

Person performing the processing (Processing Executor)
It is the natural or legal person, public authority, service or other body that processes personal data on behalf of the processor .

It is any operation or series of operations performed with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, organization, structure, storage, adaptation or modification, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Restriction of processing
It is the labeling of stored personal data in order to limit their processing in the future.

It is the Personal Data Protection Authority.

                                                                                                                      WHAT KIND OF PERSONAL DATA WE COLLECT FOR YOU

We do not voluntarily collect personal data unless you wish to provide it to us. For example, if you would like to register on our Website or participate in an online survey, you may be asked to provide certain information, such as contact information (eg name, email address, postal address, telephone number), age and date of birth, sex, username and passwords, refer to issues that concern you regarding the use of our products, as well as information about the related items you use.

In case of online purchases on your part, we will need additional information regarding the charge, the place of delivery and the payment details.

If you do not wish of us to collect your personal data, please do not provide this information to us.

                                                                                                                                     HOW WE COLLECT YOUR PERSONAL DATA

We collect information about you, indicatively, in the following cases:

1. When you register on the Website
2. When contacting us, to request information or to inquire about our products and services.
3. When you buy products from us.
4. In the context of marketing actions or research by us, as long as the legal conditions are met.
5. From other companies cooperating with us, our stores or our business partners, which legally transmit to us your personal data.

If you provide us with personal data on behalf of a third party, you must ensure that such third party has previously been aware of your intentions and this Privacy Policy.

In order to keep the information that concerns you up to date, please let us know of any changes to the data that you originally informed us and we are processing for you.

                                                                                                                                        HOW WE USE YOUR PERSONAL DATA

The data we collect about you is mainly used to:

Create and manage your online account

To execute your orders for the purchase of products and the provision of our services
To respond to your requests
Let you know about our products and services, our news or our offers or other topics of possible interest to you, as long as the legal conditions are met.
To contact you for any issue related to your use of the Website
Do a market research, as long as we have your consent
To comply with our legal obligations.

In the event that we intend to use your information for purposes other than the above, you will be informed accordingly, in a timely manner and in any case prior to this different use.

                                                                                                                               THE LEGAL BASIS OF PROCESSING YOUR DATABASE

Depending on the purpose for which we use your data, the legal basis for processing it may be:

A) The execution of the contract and its preparatory stage (Article 6, par. 1b) GDPR), e.g. to provide you with the product or service you requested (such as creating an online account, receiving and executing your order, etc.)
B) Compliance with our legal obligations, when the processing is required by law (article 6, par. 1 ')
C) Your consent, e.g. for promotions and market research (Article 6, paragraph 1a)
D) Our legal interest, e.g. to better understand your needs and expectations, to improve our products and services and to ensure that the Website remains secure (Article 6, paragraph 1f)

                                                                                                                                                       RECIPIENTS OF YOUR DATA

GINESTRA does not make any use or related use and does not transmit or otherwise disclose your personal data to third parties without your consent, except as described below.

GINESTRA may "share" your personal data with:
Service Providers who, as Processing Executors, offer services on our behalf, under the strict supervision and in accordance with our instructions
Companies affiliated and / or cooperating with us, within the framework of their responsibilities and in accordance with the provisions of the prefecture for international data transmissions, if they require application
Our Partners, for the sole purpose of referring to this Privacy Policy
Any public or judicial authority, if required by law or by court order

                                                                                                                    TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES

Your personal data is normally processed within the European Union. Unless, of course, their transfer to third countries is required, this will only happen after your prior notification and as long as we ensure that they are processed under the appropriate guarantees of protection of their confidentiality and integrity.

Some countries outside the European Union have already been formally recognized as providing an "adequate" level of data protection. Therefore, the transmission of data to them does not require any permission or agreement.

For countries for which no relevant decision (adequacy) has been taken, you will be asked for your explicit, additional, consent for this transfer, while there is also the possibility of using specially approved contractual clauses by the EU, which impose directly to the recipient corresponding to the data protection regulatory obligations.


If you are not over 15 years of age, you have the opportunity to browse freely on our Website. However, you can not provide us with any information about you without the necessary consent of the person exercising parental responsibility. Our Website is not designed for children, therefore, in accordance with the current legislation (article 8 GDPR in combination with article 21 of law 4624/2019) we do not consciously and knowingly collect personal information regarding them.

                                                                                                                        INFORMATION COLLECTED BY AUTOMATED MEDIA

When you visit our Website we collect specific information by automated means, using technologies such as cookies, web beacons and log files.

                                                                                                                    ESTIMATED TIME OF STORAGE OF YOUR PERSONAL DATA

We store your data for as long as it is absolutely necessary, in order to fulfill the intended purpose of their processing. This period may be extended, if required by law (eg until any claims, insurance and tax liabilities are statute-barred by law, until their irrevocable judicial settlement, etc.).

In the event that the processing is based on your consent, the data is kept for the time that is consistent with the purpose for which it was provided to us, unless you withdraw before the expiration of that time.


We need to implement a variety of artificial and organizational security measures, including SSL, in accordance with existing standards for online and offline personal security of your data. If you have any questions about the measures and general protection provided through the Website, please email


The Website may provide links to other websites, third parties, solely for the convenience and information of our visitors. These websites are not under our control and are governed by their own privacy policy. Therefore, for your safety, please read these Policies.

We take no responsibility for the content or privacy practices of these websites or for any use of them.

                                                                                                                                      YOUR APPLICABLE PRINCIPLES AND RIGHTS

Our current Policy and the process based on it, which our Company carries out, is based entirely on the following principles:

Legality, Objectivity and Transparency in processing,
Restriction of the purpose of processing,
Minimizing the data being processed,
Accuracy and Update of the data being processed,
Integrity and Confidentiality in processing,
Limitation of retention / storage time,
Compliance with the current legislative and regulatory framework and

Our Company bears the responsibility and is, at any time, able to prove its compliance, on an ongoing basis, with the above principles, as those in this Policy are specified.

Furthermore, GINESTRA monitors, reviews and updates at regular intervals and, in any case, when necessary, this Policy, taking into account the applicable legal and regulatory framework.
You have the right to request access to your personal data, correction / deletion of your personal data, restriction of processing, the right to object to the processing and / or to exercise your right to data portability, in accordance with specific and detailed provisions of the General Data Protection Regulation (GDPR, Articles 12-22).

If the processing of data is based on your consent, you are free to revoke it, at any time, with effect for the future (GDPR, Article 7).

                                                                                                                                                                    TRANSACTION SECURITY

GNASTYLE (EVANGELIDOU EVGENIA), with the d.t. "GINESTRA" recognizes the importance of the issue of security of your Personal Data and your electronic transactions and takes all necessary measures, with the most modern and advanced methods, in order to ensure maximum security. All information related to your personal data and transactions is secure and confidential.

The security of GNASTYLE ( EVANGELIDOU EVGENIA ), d.t. "GINESTRA" online store is achieved through the following method:

User identification : For your identification, your e-mail and your personal secret security code (password) are used, which each time you enter them provide you with access with absolute security to your personal data. You are given the opportunity to change your Personal Secret Password and your e-mail address as often as you wish.

The only one who has access to your information is you, through the above codes and you are solely responsible for maintaining its secrecy and concealment from third parties. In case of loss or leakage, you must immediately notify us, otherwise the online store of GNASTYLE ( EVANGELIDOU EVGENIA ), with d.t. "GINESTRA" is not responsible for the use of the secret code by an unauthorized person. We recommend, for security reasons, to change your password regularly and avoid using the same and easily traceable passwords (e.g. date of birth). We also recommend that you use not only letters and numbers, but also symbols to create passwords.

Paying by card is an absolutely secure payment method for our customers. GNASTYLE ( EVANGELIDOU EVGENIA ), with the company "GINESTRA" will never have knowledge of your card or account information. For the payment of the order, the system redirects you to the website of ALPHA BANK, without coming into contact in any way with your credit/debit card details and data. This information is transferred from you using an encrypted connection to ALPHA BANK through their secure transaction systems.

All payments made using a card are processed through Alpha Bank's electronic payment platform "Alpha e-Commerce" and uses TLS 1.2 encryption with 128-bit encryption protocol (Secure Sockets Layer - SSL). Encryption is a way of encoding information until it reaches the intended recipient, who can decode it using the appropriate key.

Specifically regarding your credit card details you should know that:

Encryption (SSL) is used during the transmission of the order details from your computer to the server.

The card data are transmitted from your computer to the respective institution (Alpha Bank) that processes the electronic transactions without being forwarded or processed on the server of the website.

The website uses SSL (Secure Sockets Layer) encryption protocol for secure online commercial transactions. The SSL (Secure Sockets Layer) protocol is currently the global standard on the Internet for the authentication of web sites to web users, as well as for the encryption of data between web users and web servers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus protecting personal information in transit. In addition, all information sent using the SSL protocol is protected by a mechanism that automatically verifies whether the data has been changed in transit.

                                                                                                                          TREATMENT OF PERSONAL DATA VIOLATION INCIDENTS

Finally, in case our Company is informed of a possible or actual violation of personal data, it must immediately conduct an internal audit and take appropriate remedial measures, within a reasonable time, in accordance with the Personal Data Violation Policy. In the event of a risk to the rights and freedoms of data subjects, the Company is obliged to notify the Authority of the incident, without delay and in any case within a maximum of 72 hours.

You can exercise your above rights or obtain any further information you deem necessary by contacting our Company, as stated below:

Navarinou 4 & Niovis,
144 51, Metamorphosis,
Tel. 210 2812112


Finally, if any, related to the above, complaint and / or you are not satisfied with the use of your data by us or our response to any exercise of your above rights, you have the right to file a complaint to the Personal Data Protection Authority. (APDX), making use of the following elements:

Kifissias 1-3,
115 23 Athens,
Tel. 210 6475600