Privacy Policy

This privacy policy (the “Policy”) aims to inform you about the way COSSELIE L.P. (“COSSELIE,” “We,” “Us,” or “Our”) process your personal data, according to article 13 of 2016/679 GDPR. Respecting your personal data and your privacy, we inform you that the protection of your personal data constitutes a constant commitment for us. This privacy policy informs you about how we protect your personal data as a third person, customer, a potential customer, a visitor or user of our website od services (the “Services”), and it informs you regarding your rights and the way you are protected by the Greek and European legislation. Data controller is the company COSSELIE L.P. (Limited Partnership) with G.E.MI. Number 162851706000, V.A.T. Νumber EL801761777, D.O.Y. Z’ Thessalonikis as it is described below.

How We Collect Information

  • From you. We may collect personal information and other information that you provide when you use our Services and any other data that you may choose to provide. With your permission, we may also collect data from another source like your social media account.
  • From public or third-party sources. We may collect data from public sources including, but not limited to, social media and other websites that enable social sharing. Personal information may also be available from government agencies, public or third-party information sources, third party service providers, or business partners. We also may collect information from industry groups and associations or combine information we have collected from multiple sources.
  • Automatically when you engage with us online. COSSELIE collects data through our websites and apps and automatically from devices you use to connect to our services.
  • Referrals. We may collect your information through our referral program. If you choose to submit any personal information relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Policy.

How We Collect Information

We may collect different types of personal information when you interact with our services or purchase or products, including:

  • Contact information, such as your name, telephone or mobile phone number, email address, and postal and billing addresses.
  • Biographical and demographic information, such as your date of birth, age, and gender.
  • Account information, such as username and password, profile details you choose to provide, and feedback and reviews you may leave on our products or services.
  • Financial information to fulfill your order(s), such as banking details, credit or debit card information; details of transactions you conduct through our website or through other channels and of the fulfilment of your orders,
  • Information about your characteristics such as hair and eye color, pupillary distance (PD) and facial measurements.
  • Other personal information you or a person authorized by you submit.
  • Internet usage information, such as details of your visits to our website and information collected through cookies and other tracking technologies including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
  • Geolocation information; and
  • Inferences, such as inferences drawn from any of the information above so we may better understand your preferences.

Note, when using the Virtual Try-On tool on our website or your mobile device, we will use your camera to look at and measure your facial geometry, so you can view how our products look on your face. We do not store any of these scans or measurements and only collect and use that data while you are using the Virtual Try-On tool. Please note, this tool is powered by a third-party service provider.

How We Use Information

We may process personal information in a number of ways for the primary purpose of conducting our business, including:

  • Completing your transactions or purchases.
  • Filling and shipping your orders.
  • Administering contests, promotions, and sweepstakes.
  • Providing customer support, respond to your questions or requests, and otherwise communicating with you, including providing email and SMS notifications.
  • Sending you marketing communications.
  • Managing our relationship with you.
  • Sending you information about our products and services.
  • Researching and assessing our services and products to identify possible improvements, including collecting, using, and disclosing details about your usage patterns and interests.
  • Fulfilling obligations to, and cooperating with, government authorities, courts, regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable us to comply with our regulatory requirements or to respond to regulators.
  • Resolving disputes or addressing complaints.
  • Protecting our property, rights, and security, and the rights, property, and security of third parties or the public in general.
  • To audit or provide reporting related to particular transactions and interactions you have with us or others on our behalf.
  • Pursuing our legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention.
  • Ensuring the quality or safety of our products and services.
  • Where you otherwise provide your consent; and
  • Where otherwise required by law.

International Transfers

There are no transfers to third countries outside the EU. In case it is required, the transmission will be done only for legitimate reasons and only in accordance with the provisions of the GDPR.

How We Disclose Information

We may share your information with our service providers, who act on our behalf, our partners and collaborators, and at your direction. Below are more details on who we share information with:

  • Our Affiliates and Subsidiaries.
  • Service Providers. We may provide your personal information to our vendors, contractors, business and service partners, or other third parties. Examples of service providers include advertisers, ecommerce and platform providers, payment processors, customer service and support providers, email, IT services and SMS vendors, loyalty program administrators, web hosting and development companies and shipping and fulfillment companies.
  • Professional Services. To firms that provide professional consultancy services on our behalf, such as our auditors or accountants.
  • Government, regulatory and law enforcement agencies. COSSELIE reserves the right to disclose your information to respond to authorized information requests from government authorities, to respond to valid judicial requests, to address national security situations, to provide security and investigate potential fraud, or when otherwise required by applicable law. We may also disclose your personal information as required by law to any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, COSSELIE or others, and to exercise, establish or defend our legal rights.

The above, other than government, regulatory and law enforcement agencies which is required by the law, have agreed and are contractually bound to:

  • keep confidentiality, and also bind their staff, with the respective obligations,
  • not to transfer data to third parties without our written permission,
  • undertake organizational and technical data security measures to protect your Data.
  • inform us of any incident relating to the violation of your Data.
  • delete or return your Data, upon the expiration of our contract
  • comply with the legal framework for the protection of personal data, in particular with the General Data Protection Regulation (GDPR)

COSSELIE does not sell personal information to third parties to use for their own benefit; however, we allow certain companies to place tracking technologies like cookies on our websites. Those companies receive information about your interaction with our websites that is associated with your browser or device and may use that data to serve you relevant ads on our websites or others. Except for this kind of sharing, we do not sell any of your information.

At our discretion, we may also disclose aggregated, anonymized or de-identified information that is not personally identifiable.

Security of Your Information

COSSELIE is committed to ensuring the security and integrity of the data it collects about the users of its website. We have adopted procedures that protect the personal data that users submit to our website. These procedures protect user data from any unauthorized access or disclosure, loss or misuse, and alteration or destruction. They also help to ensure that this information is accurate and used correctly. Your connection to our website is secure because it uses SSL (Secure Socket Layer) technology with a key size of 256Bits. SSL technology relies on a key code to encrypt data before it is sent over the (SSL) connection. The security control between the data and the Server is based on the unique key code, ensuring the integrity of the communication. The browsers Netscape Navigator, Internet Explorer, Mozilla Firefox, Opera, Safari support the SSL protocol and it is recommended to use them to connect to the b2b.cosselie.com website.

The processing of personal data is carried out in accordance with the provisions of the General Regulation on the Protection of Personal Data (GDPR 2016/679), any more specific national and European legislation for certain sectors, the currently applicable Greek legislation on the protection of personal data, as well as the protection of personal data and privacy in the field of electronic communications (Law 3471/2006, as applicable) and the decisions of the Personal Data Protection Authority (PDPA). We will take reasonable steps to ensure that the information is secure and may only be accessed by authorized persons. Please notify us immediately if you believe there has been any unauthorized access to your information.

Data Retention

We keep personal information as long as it is reasonably necessary for the purposes described in this Policy or otherwise in compliance with our or our service providers’ data retention policies. We will retain the information you choose to upload to your account, but you may login and delete it at any time. Please note after extended periods of inactivity, we reserve the right to delete your account or information from your account.

Certain information may be retained until the time limit for any legal challenges has expired or in order to comply with regulatory requirements regarding the retention of such personal information. Where applicable, if any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.

Your Privacy Rights

Depending on where you reside, applicable data protection laws may give you the right to:

  • Know the categories and/or specific pieces of personal information collected about you, including whether your personal information is sold or disclosed, and with whom your personal information was shared.
  • Access a copy of the personal information we retain about you.
  • Request deletion of your personal information; Correct or update your personal information.
  • Opt-out of sales or sharing of your personal information for cross context behavioral advertising purposes.

You or your authorized representative may request to access, receive a copy of, correct, or delete the personal information we hold about you by contacting our Privacy Officer at gdpr@b2b.cosselie.com. To help protect the security of your personal information, we will verify your identity in connection with any requests. Also, we take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the personal information entrusted to us, including information to verify that you are authorized to make that request or proof of power of attorney.

There may be situations where we cannot grant your request, for example if you make a request and we cannot verify your identity, we will not be able to comply with the request. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your personal information. Other reasons your request may be denied are if it jeopardizes the privacy of others or would be extremely impractical to honor. Where we deny your request in whole or in part, we will take steps to inform you of the denial and provide an explanation of our actions and the reasons for the denial.

We will not restrict or deny you access to our services because of choices and requests you make in connection with your personal information. Please note, certain choices may affect our ability to deliver our Services. For example, if you sign up to receive marketing communications by email, then ask us to delete all of your information, we will be unable to send you marketing communications.

Applicable data protection laws may also give you the right to object to or restrict our processing of your personal information. Data subjects whose processing is based upon consent may withdraw that consent at any time; please note, withdrawal of consent will not be retroactive.

If you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

Privacy of Children

Our websites are not intended for children under the age of 18. We do not knowingly collect any personal data from children under the age of 18. The children’s products that we may offer for sale on our websites are intended for purchase by adults only. No-one under the age of 18 years should provide any personal data through our websites. If you are a parent or guardian and become aware that your child has provided us with information, please contact us at gdpr@b2b.cosselie.com. If we learn that we have collected personal information from a child, we will delete that information as soon as practicable.

Your Marketing Choices

When we ask for information from you for marketing purposes, you are given the opportunity to ‘opt-in’ to receive additional information, such as site announcements, product reviews, promotional information, product sampling opportunities and research requests from us and to allow us to share your contact information with certain of our trusted partners and customers. Where required by law, we will ask for your consent before conducting any of these types of marketing.

Marketing includes sending you updates about our products and offerings or shopping cart reminders. When we contact you, it may be by email or SMS. SMS may be sent using an automatic telephone dialing system. Consent for SMS marketing is not required as a condition to purchase products or services. Message and data rates may apply. Where we use or disclose your personal information for the purpose of direct marketing, we will:

  • inform you if we intend to use your information for such purposes (including by making available this Policy).
  • allow you to ‘opt out’ or, in other words, allow you to request not to receive direct marketing communications; and
  • comply with any such request by you to ‘opt-out’ of receiving further communications within a reasonable time frame.

We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you. You may ask to be removed from our marketing lists at any time by clicking the unsubscribe link or by directly contacting us. If you don’t wish to receive direct marketing materials, contact our Privacy Officer using the details set out at the end of this Privacy Policy.

Our website may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check those policies before you submit any personal information to such third-party websites.

Questions and Complaints

COSSELIE L.P. is the data controller in respect of your personal information under this Policy.
If you have a question about how we handle personal information, wish to exercise any of the choices you may have in your personal information, or lodge a complaint about our management of personal information (including if you believe that we have managed your personal information in breach of applicable privacy laws), you may contact our Privacy Officer:

Attention: Privacy Officer
COSSELIE L.P.
Tombazi 30 & Kountourioti
55535, Pylea
Thessaloniki
Email: gdpr@b2b.cosselie.com

The Privacy Officer will coordinate the investigation of any complaint and any potential resolution of a complaint. In order to be sure that we understand the details and nature of your question or complaint, we may ask you to put your question or complaint in writing. We will aim to resolve all complaints as soon as practicable for us to do so.

Cookies Policy

View our cookie policy here.

For further information on the cookies, we use and the purposes for which we use them, please contact our Privacy Officer.

Modifications of this Policy

This policy is subject to future modifications, due to compliance procedure with GDPR. This edition substitutes all the previous publications or notifications by us.

This policy replaces all the previous notifications which we potentially provided in the past, regarding our information practices. We reserve the right to change this policy and implement any change in collected information, as provided by law.
If there are essential changes in this policy or our practices regarding information will be modified in the future, we will notify you by publishing the changes on our website.

It is important for us, your collected by us personal data to be precise and valid. By this policy, we ask you to inform us if your personal data change during our professional cooperation.

We can modify this Privacy Policy in order to be able to harmonize with the over time applying practices of personal data protection. When we change this Privacy Policy, we will update the update date on the top of this Policy. We encourage you occasionally to read carefully this Policy, in order you to be informed about the way our company protects your data.