Welcome to our website https://goldenhall.gr (hereinafter the «Website»). 

This Website is owned by the company with the tradename “LAMDA DOMI S.M.S.A.” (hereinafter “Company”), which has its registered seat at 37A Kifisias Avenue, 15123, in Athens, Greece, for the provision of on-line information and services to the users of the Website (hereinafter “Users”). 

The Company is the Data Controller of your personal data, collected through the Website and other digital thouchpoints (hereinafter “Data Points”), pursuant to EU General Data Protection Regulation 2016/679 (hereinafter “GDPR”) and L. 4624/2019. This Privacy Notice is provided in order to inform you on the personal data collected, to explain the means and purposes of data processing, to state any third parties with whom we share your data and finally to inform you on your data protection rights. 

What are the Data Points from which we collect data?

With the use of technology, our intention is to create a holistic, tailor-made and superior customer experience for our Users and visitors (hereinafter “GH Experience”). Such GH Experience is built upon linking, analyzing and further processing the engagement of Users and visitors with various Data Points, including: 

· the Website use, for both logged-in and logged-out Users, by recording Website sessions, user profile, cookie information and favorites marked;

· the participation in quizzes and gamified activities through the Website;

· the Golden Hall social media accounts use, by recording reactions with the respective pages;

· the Golden Hall e-mail campaigns and surveys interactions, by recording such;

· the reading or sharing of Golden Hall news on third-party websites;

The collected data are continuously correlated, built up and categorized, as part of a single User/visitor’s profile, with fully automated means, which do not however result in legally important decision-making against the individuals involved. Based on such automated analyses, the Company aims to increase customer engagement and loyalty, by providing through its Website properly personalized browsing content, as well as targeted marketing communications to its (ultimately) registered Users.

YOU CAN ENABLE THE GH EXPERIENCE FUNCTIONALITY DURING YOUR REGISTRATION TO THE WEBSITE AND FURTHER DISABLE/ENABLE IT THROUGH YOUR PROFILE SETTINGS.

What personal data do we process? 

Personal data we generally collect and further process when you use the Website, are the following: 

· E-mail address, when subscribing to our newsletter.

· Contact form data, such as name, surname, e-mail address, phone number, details of contact request, when contacting us.

· Technical data, such as IP address, date and time of visit, type of browser and operating system, device model, browsing and commercial behavior, as collected through cookies and similar technologies, which are relevant to the security, functionality, personalization, analysis and marketing use of your visit to the Website. For more information regarding cookies and similar technologies, visit our Cookies Policy. 

Furthermore, within the context of the GH Experience, for the registered Users that have enabled this functionality, the following personal data will be processed, as collected through the various Data Points: 

· Basic Loyalty account information, including name, surname, e-mail address, date of birth, sex, age, telephone, home address, postal code, username/user registration number, password, registration date. Additionally, if you opt to log-on with a third-party account (such as Facebook), we will also collect your social media username/user registration number, profile photo, date of birth, e-mail address, gender. 

· Digital user behavioral data, including browsing and user journey data from the Website (e.g. scrolls, clicks, time spent, webpages visited, redirection from another website, wider location, age group). Additionally, if you opt to log-on with a third-party account (such as Facebook), we will also collect information on your interaction with the Company's respective social media accounts (e.g. whether the official account is followed, likes/reactions to paid campaigns, including Google AdWords, Facebook Ads). 

·  Third-party websites’ information, including data we collect when you interact with products and services advertised in affiliate websites, which demonstrate your consumer preferences. 

· Profile generated data including family status, shopping/spending preferences, education level, professional status, loyalty category, services/digital material customized, as well as offers/bonuses/discounts won and redeemed.

Why do we process your personal data? 

Within the context of the Website’s use, as well as the GH Experience, the Company processes your data according to the following purposes and legal bases: 

A. Contract 

The processing of personal data is necessary for providing you the services attached to the sign-up and support of your loyalty (i.e. registered user) account, as well as the overall provision of services provided to our registered users, as such are defined and agreed through our Terms & Conditions. For example, as a registered user you enjoy the personalization of the Website, according to your searches, preference, purchases and “favorites”. 

B. Legal Obligation

We are obliged to process your data protection requests and overall to comply with any data requests received by responsible police, judiciary or other supervisory authorities.

C. Legitimate Interest 

It is in the Company’s legitimate interests to process your personal data to ensure the uninterrupted, proper and secure operation of our Website, maintain backup copies, safeguard business continuity issues, as well as in order to detect and prevent instances of fraud. 

Moreover, it is in our legitimate interests to process your personal data within the context of directly and effectively responding to any request or query you address to us through the submission of a contact form, through the Website or other official channels of ours. 

Furthermore, it is in the Company's legitimate interests to perform user profiling, with fully automated means not having legal or otherwise significant impact, through internal analyses, user segmentation and business intelligence/development activities. In that respect, we process your loyalty account usage and transactional data in an aggregated form, so as to better understand our registered users and further develop and enhance the GH Experience. 

Most importantly, it is in our legitimate interests to communicate our marketing messages with our registered users, including GH news, special offers and promotions, through various channels, such as e-mail, SMS/Viber/Whatsapp text, mobile app push notification and on social media ads. In order to achieve this, we share your contact details (e-mail address, phone number), as well as customer profile data and advertising identifiers to our marketing partners. You can enable or disable marketing communications during your sign-up, in your user settings or simply by unsubscribing.

D. Consent 

In case you are a non-registered user (i.e. you do not have an account on the Website) and wish to receive newsletters from us, you can provide your consent on the Website by subscribing to the relevant service. In this case, we will process the e-mail address you provided us with for generic informative and promotional purposes. You have the ability to withdraw your consent at any time, simply by unsubscribing. 

Furthermore, provided that you give your consent for the use of technologies such as cookies and relevant trackers, your data will be processed according to the  Cookies Policy of the Website, for security, analysis, personalization and/or advertising purposes. You may change your option regarding cookies at any time and withdraw your consent, through the Cookies Policy of the Website. 

With whom do we share your personal data? 

For the fulfillment of the aforementioned purposes, your data will be disclosed to third parties, such as: 

· Website development and support companies.

· Third-party log-in and marketing partners, including Facebook, Google, Twitter, Taboola, Sitecore.

· Data storage and server hosting providers.

· Our external lawyers, consultants, accountants, auditors and advisors.

· Companies that commit to data protection officer duties.

· Other Lamda Group companies with which we collaborate in the fulfillment of the aforementioned purposes.

· Any other administrative, judicial, or public authority or in general to a natural or legal person against which, on the basis of law or judicial decision the Company has a relevant obligation or right to disclose such data or in general, in order to defend its legitimate interests. 

Our Website uses trackers which enable us to better advertise and develop our services, including Facebook Business Tools. Please note that specifically in the context of the Facebook Business Tools, we operate as Joint Controllers along with Facebook Ireland Ltd, according to our data sharing agreement, which sets -among others- our responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing. Facebook Ireland is responsible for enabling Data Subjects’ rights under Articles 15-20 of the GDPR, with regard to the Personal Data stored by Facebook Ireland after the Joint Processing. You can find more information in Facebook Ireland’s data policy.

In the recipients described above, there are also vendors which are based outside the EU/EEA and specifically in the USA. Therefore, some of your personal data are internationally transferred. For this reason, we have taken increased due diligence measures, such as data minimization, anonymization and encryption techniques, as well as signature of strict standard contractual clauses. 

The Company has implemented all necessary measures, in order for its personnel and external partners to be specifically authorized for these purposes and fully committed to confidentiality and respective legal obligations under the legislation for the collection and further processing of the aforementioned personal data. 

How does the Company protect your personal data? 

We have implemented all appropriate organizational and technical measures, pursuant to the applicable legal framework and technical standards, in order to safeguard that processing of data is legitimate, appropriate and secured against any unauthorized or illegal access, deletion, amendment or any other use of the data. 

How long do we retain your personal data? 

Your personal data are retained for as long as this is required for the fulfillment of each processing purpose. Upon expiration of each applicable term, your personal data will be deleted, unless otherwise required under the applicable legal and regulatory framework or for the establishment, exercise or defense of legal claims. 

More precisely, data that are collected through subscription to our newsletter is retained until you withdraw your consent, your account and profile data are retained for as long as your account remains active.

Your rights 

In any case, we would like to inform you that, according to the applicable legislation, you may exercise the following rights, after verification of your identity: 

·  right of access to your personal data, including information concerning the processing of personal data,

·  right to rectification of inaccurate or incomplete personal data, 

·  right to erasure (“right to be forgotten”), 

·  right to restriction of the processing, according to law provisions, 

· right to data portability, in a structured, commonly used and machine-readable format (e.g. USB), to you or to another data controller, 

· right to object to the processing which is based on the Company’s legitimate interests,

· right not to be subject to fully automated means and to request human intervention to challenge any decisions made,

· right to withdraw your consent directly and freely.

You can exercise any of the abovementioned rights by submitting a written request to our Company. You can expect a reply to such a request within one (1) month following its receipt by the Company and in any case, by extension, within two (2) additional months, depending on the perplexity of your request or the high volume of requests received. 

Contact details 

You may address any questions or requests regarding the protection of your personal data within the context of the Website’s functioning to our Data Protection Officer, at personaldata@lamdadev.com 

Lodge a Complaint 

In case you deem that we have not duly satisfied your request and the protection of your personal data is somehow affected, you may lodge a complaint through the dedicated online portal of the Hellenic Data Protection Authority (Athens, 1-3 Kifissias Avenue, 11523 Athens, Greece | +30 210 6475600). You may find detailed guidelines on how to lodge a complaint on the DPA’s website.

What happens with third party websites? 

The Website provides access to third party websites through appropriate hyperlinks (links). These links are intended solely for the convenience of Users of the Website, and the websites to which they refer are subject to the respective terms of use and Privacy Policies. The display of the links is not a sign of approval or acceptance of the content of the respective websites by the webmaster, who does not bear any responsibility for their content as well as for the privacy practices or the accuracy of the website material. The Company has no control over the websites held by third parties or their content, which is accessed or made available through this Website and, therefore, the Company does not endorse, sponsor, or otherwise accept any responsibility for such websites or their content. The User bears full responsibility for browsing any third party websites through the links provided in the Website.