Privacy Policy

Privacy Policy

Last updated: May 2026

This Privacy Policy describes how COSPICON S.A. (“we”, “us”, “our” or “the Company”) collects, uses, processes, and protects your personal data when you visit, browse, or make a purchase through our online store at www.cospicon.com (“the Website” or “the eshop”). We are committed to protecting your privacy in compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), Greek Law 4624/2019, and other applicable data protection legislation.

1. Data Controller

The data controller responsible for the processing of your personal data is:

For any questions related to this Privacy Policy or to exercise your rights regarding your personal data, please contact us at info@cospicon.com.

2. Personal Data We Collect

We collect personal data that you voluntarily provide to us, as well as data automatically collected when you interact with our Website. The categories of personal data we may collect include:

2.1 Information you provide directly

  • Account & contact details: first and last name, email address, phone number, billing address, shipping address.
  • Order information: products purchased, order history, order value, special instructions.
  • Tax and invoicing data (for business customers): company name, VAT/Tax ID number, tax office, business address.
  • Payment confirmation data: bank transfer reference, proof of payment (when sent via email). We do not collect or store credit card numbers, bank login credentials, or other sensitive financial information.
  • Communications: any messages, inquiries, or feedback you send to us via contact forms, email, phone, or social media.

2.2 Information automatically collected

  • Technical data: IP address, browser type and version, device type, operating system, referring URL, time of access.
  • Geolocation: approximate location derived from IP address, used to determine the appropriate currency display (EUR or USD) and shipping zone.
  • Usage data: pages visited, time spent on the Website, products viewed, items added to cart, search queries.
  • Cookies and similar technologies: see our Cookie Policy for detailed information.

3. Purposes of Processing & Legal Basis

We process your personal data for the following purposes, each with a corresponding legal basis under GDPR:

Purpose Legal Basis
Processing and fulfilling your orders, including shipping, payment confirmation, and customer support Performance of a contract (Art. 6(1)(b) GDPR)
Issuing invoices and meeting tax and accounting obligations Legal obligation (Art. 6(1)(c) GDPR)
Communicating with you about your orders, inquiries, or after-sales service Performance of a contract (Art. 6(1)(b) GDPR)
Improving our Website, products, and services through analytics Legitimate interests (Art. 6(1)(f) GDPR)
Sending marketing communications and newsletters Consent (Art. 6(1)(a) GDPR)
Detecting and preventing fraud, security incidents, or misuse of the Website Legitimate interests (Art. 6(1)(f) GDPR)
Complying with court orders, legal proceedings, or government requests Legal obligation (Art. 6(1)(c) GDPR)

4. Recipients of Your Personal Data

Your personal data may be shared with the following categories of recipients, all of whom are bound by professional confidentiality and data processing agreements where applicable:

  • Internal staff: our authorized employees (sales, customer service, accounting) on a need-to-know basis.
  • External accountants: for tax and invoicing purposes only (limited to financial data).
  • Banking institution: Alpha Bank Greece, for receiving and verifying bank transfer payments. We share only the minimum information necessary to identify your payment.
  • Shipping and logistics partners: couriers and freight forwarders necessary to deliver your order (e.g., name, address, phone number for delivery confirmation).
  • Hosting and IT service providers: the company providing the technical infrastructure of the Website (under data processing agreements).
  • Public authorities: tax authorities, customs authorities (for international shipments), or law enforcement when required by law.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

5. International Data Transfers

Cospicon serves customers worldwide, including destinations outside the European Economic Area (EEA), such as the United States, Canada, the United Arab Emirates, and Latin American countries. When you place an order to be shipped outside the EEA, your personal data (such as your name, address, and phone number) will be transferred to the relevant shipping carrier and customs authorities in the destination country.

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision by the European Commission, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • Other lawful transfer mechanisms under Chapter V of the GDPR.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable legal and tax obligations:

  • Order and invoicing data: retained for at least 10 years, in accordance with Greek tax legislation.
  • Customer account data: retained for as long as your account is active, plus 2 years after your last activity, unless deletion is requested earlier.
  • Marketing consent records: retained until you withdraw your consent or unsubscribe.
  • Technical and analytics data: retained in aggregated/anonymized form, typically up to 26 months in Google Analytics.
  • Communications: retained for up to 5 years from the last interaction.

After the retention period, your data is securely deleted or anonymized.

7. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation of whether we process your data and a copy of it.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): to request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing: to limit how we process your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to object: to object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: at any time, where processing is based on consent.
  • Right to lodge a complaint: with the Hellenic Data Protection Authority (www.dpa.gr) or your local supervisory authority.

To exercise any of these rights, please contact us at info@cospicon.com. We will respond to your request within one (1) month, as required by GDPR. Exercising your rights is free of charge.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our Website (HTTPS).
  • Secure hosting environment with regular security updates and monitoring.
  • Access controls limiting personal data to authorized personnel only.
  • Regular backups and disaster recovery procedures.
  • Employee training on data protection and confidentiality.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Cookies & Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and remember your preferences (such as currency selection). Some cookies are essential for the operation of the Website, while others are used for analytics or marketing purposes and require your consent.

For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

You can manage cookie preferences at any time through the consent banner displayed on our Website or your browser settings.

10. Analytics & Third-Party Services

We may use third-party analytics services to help us understand how visitors use our Website. These services may include:

  • Google Analytics: for collecting anonymized statistics about Website usage. Google’s privacy policy is available at policies.google.com/privacy.
  • European Central Bank (ECB) reference rates (via Frankfurter API): for converting prices between EUR and USD. This service does not collect personal data; we only request currency rates.

These services may collect IP addresses and other technical identifiers. Their use is subject to our cookie consent mechanism where applicable.

11. Currency Display & Geolocation

To improve your shopping experience, our Website automatically detects your approximate location based on your IP address (geolocation) and displays prices in EUR or USD accordingly. You can change your preferred currency at any time using the currency switcher in the Website header. Your selection is stored in a cookie on your device for 30 days.

Please note that all transactions are processed in EUR. Prices displayed in USD are indicative, based on the daily reference exchange rate published by the European Central Bank.

12. Children’s Privacy

Our Website is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately so we can delete it.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority (Hellenic Data Protection Authority) within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be posted on this page with a new “Last updated” date. We encourage you to review this policy periodically.

If we make material changes that significantly affect how we process your personal data, we will notify you by email (where we have your contact details) or through a prominent notice on our Website.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by